
      Safety Report

      Tweet Cli

      @0xmythril

      Post tweets, replies, and quotes to X/Twitter using the official API v2. Use this instead of bird for posting. Uses API credits so only post when explicitly...

      424 Downloads
      1 Installs
      0 Stars
      2 Versions
      API Integration (4,971) · Social Media (1,367) · DevOps & Infrastructure (1,045)

      Security Analysis

      High confidence
      Clean · 0.04 risk

      The skill's requirements and runtime instructions match its stated purpose (posting to X/Twitter): the requested binaries and API credentials are appropriate and there's no evidence of unrelated or excessive access.

      Feb 15, 2026 · 1 file · 1 concern

      Purpose & Capability: ok

      Name/description (post tweets via X API v2) aligns with required items: a tweet-cli binary and the four X API credentials are exactly what a posting CLI needs. No unrelated credentials, binaries, or config paths are requested.

      Instruction Scope: ok

      SKILL.md instructs the agent to install and run tweet-cli, create a per-user config file in ~/.config/tweet-cli/.env, and confirm with the user before posting. It does not instruct reading unrelated system files or exfiltrating data. The explicit rule to avoid speculative posting reduces risk.

      Install Mechanism: note

      Install guidance uses npm to install directly from a GitHub tag (npm install -g github:0xmythril/tweet-cli#v1.0.0). This is a common pattern but has more risk than installing a vetted package from a central registry because it pulls code from a repository. The registry metadata shows 'No install spec' while SKILL.md provides an install command — this is a small metadata inconsistency but not a security red flag by itself.

      Credentials: ok

      The four required environment variables (X_API_KEY, X_API_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET) are the standard credentials needed to post via X's API. No other secrets or unrelated env vars are requested. The instructions store credentials in a user-scoped config file (~/.config/tweet-cli/.env) and recommend chmod 600, which is reasonable for a CLI.

      Persistence & Privilege: ok

      The skill does not request always: true, does not modify system-wide or other-skill configuration, and its persistent footprint is limited to a per-user config file in the user's home directory. Agent autonomous invocation is allowed by default but not combined with other concerning privileges here.

      Guidance

      This skill appears coherent for posting to X/Twitter, but follow these precautions before installing or using it: (1) inspect the GitHub repo and package.json yourself (or run npm pack --dry-run) to confirm there are no postinstall scripts or unexpected telemetry; (2) prefer creating a dedicated API key/account with minimal permissions for automated posting; (3) store credentials in a secure secrets store if available rather than plaintext files (if you use ~/.config/tweet-cli/.env, keep chmod 600 as recommended); (4) be cautious about installing from a GitHub tag — verify the exact tag and review recent commits and releases; (5) ensure the agent asks the user to confirm every post (the SKILL.md instructs this) and do not allow speculative posting. If you want lower-risk verification, request the skill author publish a release tarball or an npm package on the official registry and provide a checksum for audit.

      Latest Release

      v1.0.0

      - Added a detailed Security section outlining credential handling, lack of telemetry, and dependency transparency.
      - Updated installation instructions to recommend a version-pinned npm install command.
      - Specified environment variables required in metadata for clearer configuration requirements.
      - Improved credential setup steps: added `chmod 600` guidance for restricting access to `.env`.
      - Clarified dependencies and absence of install scripts in the documentation.

      Published by @0xmythril on ClawHub