Set up a reusable X/Twitter growth automation system with OpenClaw, Bird CLI, X API, optional source branching, optional community CTA, dry-run/live rollout,...
Security Analysis
high confidenceThe skill's requested files, instructions, and included scripts are coherent with its stated purpose of scaffolding a reusable X/Twitter automation project; it does not request unrelated credentials or perform hidden network installs or suspicious operations.
Name/description (X growth automation) match the included artifacts: SKILL.md, setup questionnaire, rollout docs, and a scaffold script that generates a project and .env.example. There are no unrelated required env vars or binaries. The presence of placeholders for X credentials in .env.example is appropriate for this purpose.
SKILL.md confines its runtime instructions to asking setup questions, scaffolding a new project folder, filling config files, and using dry-run-first defaults. It explicitly forbids copying private tokens and asks the agent to explain where credentials should be placed. The runtime steps reference only local files included in the package and the local scaffold script; they do not instruct the agent to read unrelated system paths or exfiltrate data.
No install spec or external downloads are present. The skill is instruction-first and includes small, local scripts (Python scaffold and a publish helper). Nothing in the package pulls code from arbitrary URLs or extracts archives.
The skill declares no required env vars or primary credential. The .env.example contains expected placeholders for X API keys and session tokens (appropriate for a tool that may interact with X when live), but the skill does not require or capture credentials at install time. This is proportionate to its purpose.
The skill is not flagged always:true and does not request system-wide changes. It scaffolds a separate project directory by default and does not modify other skills or global agent configuration. Autonomous invocation remains enabled by platform default, which is expected behavior for an agent skill; the skill itself does not escalate privileges.
Guidance
This skill appears to do what it says: scaffold a fresh X automation project and guide a dry-run-first rollout. Before enabling live publishing: (1) verify the skill's origin (PUBLISHING.md references a GitHub repo — inspect that repo yourself), (2) never paste real X credentials into prompts or chat — only place them in the generated .env under your control, and (3) review the generated config/publish-policy.json and reply rules so an agent can't post without your explicit approval. The package itself does not exfiltrate data or download remote code, but enabling live mode gives any agent acting with your stored credentials the ability to post to your account — proceed cautiously and keep caps and logging enabled as the docs recommend.
Latest Release
v1.0.0
Initial release of x-growth-automation. - Provides a reusable system for X/Twitter growth automation using OpenClaw, Bird CLI, and X API. - Features a setup questionnaire to customize automation by niche, cadence, language, and integration options. - Ensures safety with dry-run defaults, explicit caps, and clear separation of read (Bird) and write (X API) operations. - Supports optional source branching, community CTAs, reply automation, and external content feeds. - Scaffolds a new, clean project folder unless otherwise specified, with clearly documented config customization and rollout steps.
Popular Skills
Published by @roskva000 on ClawHub
