x-api

Enables programmatic interaction with X (Twitter) for posting tweets, reading timelines, and analytics using OAuth authentication.

Install this skill

81/100

Security score

The x-api skill was audited on Mar 17, 2026 and we found 11 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 197

Access to .env file

SourceSKILL.md

197	- Never hardcode tokens. Use environment variables or `.env` files.

medium line 198

Access to .env file

SourceSKILL.md

198	- Never commit `.env` files. Add to `.gitignore`.

low line 40

External URL reference

SourceSKILL.md

40	"https://api.x.com/2/tweets/search/recent",

low line 77

External URL reference

SourceSKILL.md

77	"https://api.x.com/2/tweets",

low line 94

External URL reference

SourceSKILL.md

94	resp = oauth.post("https://api.x.com/2/tweets", json=payload)

low line 106

External URL reference

SourceSKILL.md

106	f"https://api.x.com/2/users/{user_id}/tweets",

low line 119

External URL reference

SourceSKILL.md

119	"https://api.x.com/2/tweets/search/recent",

low line 133

External URL reference

SourceSKILL.md

133	"https://api.x.com/2/users/by/username/affaanmustafa",

low line 146

External URL reference

SourceSKILL.md

146	"https://upload.twitter.com/1.1/media/upload.json",

low line 153

External URL reference

SourceSKILL.md

153	"https://api.x.com/2/tweets",

low line 183

External URL reference

SourceSKILL.md

183	resp = oauth.post("https://api.x.com/2/tweets", json={"text": content})

Scanned on Mar 17, 2026

View Security Dashboard

Installation guide →

GitHub Stars 78.9K

Rate this skill

Categorymarketing

UpdatedApril 10, 2026

openclaw api social-media-manager content-marketer influencer-marketer marketing

affaan-m/everything-claude-code