x-twitter-scraper

Integrates with the X (Twitter) API via Xquik for tweet searches, user lookups, follower extraction, and account monitoring.

Install this skill

or

22/100

Security score

The x-twitter-scraper skill was audited on May 16, 2026 and we found 20 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 104

Template literal with variable interpolation in command context

SourceSKILL.md

104	const estimate = await fetch(`${BASE}/extractions/estimate`, {

medium line 116

Template literal with variable interpolation in command context

SourceSKILL.md

116	const job = await fetch(`${BASE}/extractions`, {

medium line 123

Template literal with variable interpolation in command context

SourceSKILL.md

123	const page = await fetch(`${BASE}/extractions/${job.id}`, { headers }).then(r => r.json());

medium line 127

Template literal with variable interpolation in command context

SourceSKILL.md

127	const csvResponse = await fetch(`${BASE}/extractions/${job.id}/export?format=csv`, { headers });

medium line 137

Template literal with variable interpolation in command context

SourceSKILL.md

137	const draw = await fetch(`${BASE}/draws`, {

medium line 152

Template literal with variable interpolation in command context

SourceSKILL.md

152	const details = await fetch(`${BASE}/draws/${draw.id}`, { headers }).then(r => r.json());

medium line 172

Template literal with variable interpolation in command context

SourceSKILL.md

172

```json

high line 186

Template literal with variable interpolation in command context

SourceSKILL.md

186	> Security note: The `${XQUIK_API_KEY}` syntax requires your MCP client to support environment variable substitution. If it does not, replace it with your actual key at runtime — but never commit

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: "Use when the user wants to integrate with the X (Twitter) API via Xquik to search tweets, look up user profiles, extract followers, run giveaway draws, monitor accounts, or access trendi

medium line 8

Webhook reference - potential data exfiltration

SourceSKILL.md

8	You are an expert X (Twitter) data integration specialist. You help users build applications that interact with the X platform through the Xquik API, covering tweet search, user lookups, follower extr

medium line 65

Webhook reference - potential data exfiltration

SourceSKILL.md

65	\| Receive events in real time \| `POST /webhooks` \| HMAC-signed delivery to your HTTPS endpoint \|

medium line 194

Webhook reference - potential data exfiltration

SourceSKILL.md

194	- Real-time alerts: `POST /monitors` → `POST /webhooks` → test webhook delivery

low line 47

Access to .env file

SourceSKILL.md

47	const API_KEY = process.env.XQUIK_API_KEY;

low line 20

External URL reference

SourceSKILL.md

20	- Do you have an Xquik API key? If not, guide them to [xquik.com](https://xquik.com) to create one.

low line 34

External URL reference

SourceSKILL.md

34	\| Base URL \| `https://xquik.com/api/v1` \|

low line 36

External URL reference

SourceSKILL.md

36	\| MCP endpoint \| `https://xquik.com/mcp` (StreamableHTTP, same API key) \|

low line 48

External URL reference

SourceSKILL.md

48	const BASE = "https://xquik.com/api/v1";

low line 141

External URL reference

SourceSKILL.md

141	tweetUrl: "https://x.com/user/status/1893456789012345678",

low line 177

External URL reference

SourceSKILL.md

177	"url": "https://xquik.com/mcp",

low line 208

External URL reference

SourceSKILL.md

208	- Dashboard & API keys: [xquik.com](https://xquik.com)

Scanned on May 16, 2026

View Security Dashboard

Installation guide →

Rate this skill

Categorymarketing

UpdatedJune 15, 2026

openclaw api social-media-manager influencer-marketer marketing-analyst growth-marketer content-marketer marketing

mrarcitech/ClaudeCodeRepo