agentskill.sh
secured
x-api
X/Twitter API integration for posting tweets, threads, reading timelines, search, and analytics. Covers OAuth auth patterns, rate limits, and platform-native content posting. Use when the user wants to interact with X programmatically.
Security score
This tab presents tested categories, issue summaries, and source snippets in an audit-style report.
High / Medium / Low
Categories Tested
Instruction boundariesFilesystem writesNetwork referencesPlatform-specific install flowSecrets handling
Security Issues
Medium
File Access
Line 197
Access to .env file
- **Never hardcode tokens.** Use environment variables or `.env` files.
Medium
File Access
Line 198
Access to .env file
- **Never commit `.env` files.** Add to `.gitignore`.
Low
External Calls
Line 40
External URL reference
"https://api.x.com/2/tweets/search/recent",
Low
External Calls
Line 77
External URL reference
"https://api.x.com/2/tweets",
Low
External Calls
Line 94
External URL reference
resp = oauth.post("https://api.x.com/2/tweets", json=payload)
Low
External Calls
Line 106
External URL reference
f"https://api.x.com/2/users/{user_id}/tweets",
Low
External Calls
Line 119
External URL reference
"https://api.x.com/2/tweets/search/recent",
Low
External Calls
Line 133
External URL reference
"https://api.x.com/2/users/by/username/affaanmustafa",
Low
External Calls
Line 146
External URL reference
"https://upload.twitter.com/1.1/media/upload.json",
Low
External Calls
Line 153
External URL reference
"https://api.x.com/2/tweets",
Low
External Calls
Line 183
External URL reference
resp = oauth.post("https://api.x.com/2/tweets", json={"text": content})Mitigations
Review the upstream repository before copying files into a local skills directory.
Confirm install instructions and supported runtimes against SKILL.md instead of a generic readme.