Back to Blog

OpenClaw Twitter Skills: Complete Directory and Setup Guide

OpenTweet Team11 min read
OpenClaw Twitter Skills: Complete Directory and Setup Guide

OpenClaw Twitter Skills: Complete Directory and Setup Guide

ClawHub has over 10,700 skills now. That's a lot of things your AI agent can learn to do.

But when you search "twitter" or "X" on ClawHub, you get dozens of results. Some are legit. Some are abandoned. And some are actively trying to steal your credentials.

This guide covers every skill that lets your OpenClaw agent post to Twitter/X, which one you should actually install, and how to avoid the ones that will ruin your day.

What Are OpenClaw Skills?

Quick refresher if you're new to OpenClaw.

A skill is a SKILL.md file that tells your AI agent how to interact with an external service. It contains instructions, API documentation, configuration details, and examples. When you install a skill, your agent can read it and "learn" how to use that service.

Skills live in ~/.openclaw/skills/. You can install them from ClawHub (the community marketplace) or create your own manually.

# Install a skill from ClawHub
clawhub install publisher/skill-name

# List installed skills
clawhub list

# Remove a skill
clawhub uninstall publisher/skill-name

Skills don't run code on your machine. They're documentation files that your agent reads and follows. The agent then makes API calls, runs commands, or executes code based on what the skill describes.

This is important to understand because it means a malicious skill can't secretly run a keylogger on your machine. But it can trick your agent into sending your API keys to the wrong server. More on that later.

The Official Twitter Skill: opentweet/x-poster

This is the one you want. Published by the OpenTweet team, verified on ClawHub, and used by over 8,000 OpenClaw users.

What it does

The opentweet/x-poster skill gives your agent the ability to:

  • Post tweets to your X account immediately
  • Schedule tweets for any future date and time
  • Create threads (multi-tweet sequences)
  • Bulk create content (up to 50 posts in one API call)
  • Manage existing posts (update drafts, reschedule, delete)
  • Check account status (verify connection, see remaining limits)

Your agent talks to the OpenTweet API, which handles the actual Twitter authentication. Your X credentials never touch OpenClaw.

Install it

clawhub install opentweet-x-poster

Full capabilities

Here's everything the skill exposes to your agent:

Capability API Endpoint Description
Check connection GET /api/v1/me Verify API key works, see limits
Create post POST /api/v1/posts Create one or more draft posts
List posts GET /api/v1/posts View posts by status (draft, scheduled, posted, failed)
Update post PUT /api/v1/posts/:id Edit text of a draft or scheduled post
Delete post DELETE /api/v1/posts/:id Remove a post
Schedule post POST /api/v1/posts/:id/schedule Set a future publish date
Publish post POST /api/v1/posts/:id/publish Push to X immediately
Bulk create POST /api/v1/posts (with array) Create up to 50 posts at once
Create thread POST /api/v1/posts (with is_thread) Multi-tweet threads

Why it's the best choice

  • No Twitter API keys needed. OpenTweet handles the OAuth. You never share your X credentials with your agent.
  • $5.99/month. The Twitter API Basic tier alone is $100/month. OpenTweet includes the API in every plan.
  • Verified publisher on ClawHub. The skill is published by the OpenTweet team with a verified badge. No supply chain risk.
  • Active maintenance. Updated regularly when the API changes. You don't wake up to a broken integration.
  • Rate limit protection. 60 requests/minute, 1,000/day. Your agent can't accidentally burn through your limits.
  • Revocable access. If anything goes wrong, revoke the API key from your OpenTweet dashboard. Your X account stays untouched.

Community Twitter Skills on ClawHub

There are about 30+ community-published skills related to Twitter/X on ClawHub. Here's an honest overview.

The good ones

A handful of community skills are well-made and do specific things:

  • Tweet formatters -- Skills that help your agent format threads, add line breaks, or structure tweet-length content
  • Content repurposers -- Skills that help convert blog posts or articles into tweet-sized chunks
  • Analytics readers -- Skills that parse Twitter analytics exports and summarize performance

These are generally safe because they don't require API credentials. They help your agent with content formatting, not posting.

The risky ones

Some community skills claim to post directly to the Twitter API. These typically require you to:

  1. Provide your Twitter API OAuth tokens as environment variables
  2. Share those tokens with the skill's described API endpoints
  3. Trust that the skill author's server is actually calling Twitter and not logging your credentials

This is where it gets dangerous. A skill can describe any API endpoint it wants. If a skill tells your agent to send your OAuth tokens to https://totally-real-twitter-api.sketchy-domain.com/post, your agent will do it. The agent trusts the skill's documentation.

The numbers

As of February 2026, the ClawHub security team has flagged approximately 20% of all skills on the marketplace for potential security issues. Not all of these are malicious -- some are just poorly written or use insecure patterns. But the number is high enough to be careful.

How to Install the OpenTweet X Poster Skill

Two methods, depending on your preference.

Method 1: ClawHub (Recommended)

The fastest way. One command:

clawhub install opentweet-x-poster

This downloads the skill's SKILL.md file and places it in ~/.openclaw/skills/opentweet-x-poster/.

Then set your API key:

export OPENTWEET_API_KEY="ot_your_key_here"

Done. Your agent now knows how to post to Twitter.

Method 2: Manual Installation

If you prefer not to use ClawHub, or you want to review the skill before installing:

  1. Create the skill directory:
mkdir -p ~/.openclaw/skills/opentweet-x-poster
  1. Download the SKILL.md directly:
curl -o ~/.openclaw/skills/opentweet-x-poster/SKILL.md \
  https://raw.githubusercontent.com/opentweet/openclaw-skill/main/SKILL.md

Or, you can create it from the API documentation. The /api/v1/docs endpoint returns plain-text documentation that's formatted specifically for AI agents to parse. Copy that content into your SKILL.md.

  1. Set your API key:
export OPENTWEET_API_KEY="ot_your_key_here"
  1. Restart OpenClaw (or start a new session). The skill loads automatically.

Configuration

Environment variables

The skill needs one environment variable:

Variable Required Description
OPENTWEET_API_KEY Yes Your API key from opentweet.io (starts with ot_)

Set it in your shell profile (~/.bashrc, ~/.zshrc) for persistence:

echo 'export OPENTWEET_API_KEY="ot_your_key_here"' >> ~/.zshrc
source ~/.zshrc

Or add it to your OpenClaw config file (~/.openclaw/openclaw.json) under the secrets section:

{
  "secrets": {
    "OPENTWEET_API_KEY": "ot_your_key_here"
  }
}

Getting your API key

  1. Go to opentweet.io and sign up (7-day free trial)
  2. Connect your X account during onboarding
  3. Go to Settings > API
  4. Click Generate New Key
  5. Name it something like "OpenClaw Agent"
  6. Copy the key -- it's only shown once

The key starts with ot_ followed by 48 hex characters.

Example Commands

Once the skill is installed, here's what you can tell your agent.

Post a tweet immediately

openclaw "write and publish a tweet about the importance of writing tests"

Your agent generates the content, creates a post via POST /api/v1/posts, and publishes it via POST /api/v1/posts/:id/publish.

Schedule a single tweet

openclaw "write a tweet about developer burnout and schedule it for tomorrow at 9am EST"

The agent handles timezone conversion and calls the schedule endpoint with the correct ISO 8601 date.

Schedule a week of content

openclaw "create 7 tweets about startup lessons, one per day for the next week, posted at 2pm UTC"

The agent generates all 7 tweets and sends them in a single bulk API call:

POST /api/v1/posts
{
  "posts": [
    {"text": "...", "scheduled_date": "2026-02-20T14:00:00Z"},
    {"text": "...", "scheduled_date": "2026-02-21T14:00:00Z"},
    {"text": "...", "scheduled_date": "2026-02-22T14:00:00Z"},
    {"text": "...", "scheduled_date": "2026-02-23T14:00:00Z"},
    {"text": "...", "scheduled_date": "2026-02-24T14:00:00Z"},
    {"text": "...", "scheduled_date": "2026-02-25T14:00:00Z"},
    {"text": "...", "scheduled_date": "2026-02-26T14:00:00Z"}
  ]
}

Create a thread

openclaw "write a 5-tweet thread about why most SaaS products fail in the first year, then publish it"

The agent structures the thread and sends it as:

POST /api/v1/posts
{
  "text": "90% of SaaS products fail within 18 months. After building 5 of them, I think I know why.",
  "is_thread": true,
  "thread_tweets": [
    "Problem 1: They build for a market that doesn't exist...",
    "Problem 2: They optimize for features instead of retention...",
    "Problem 3: They run out of money before they run out of ideas...",
    "The ones that survive do one thing differently: they talk to users before writing a single line of code."
  ]
}

Bulk create from a topic list

openclaw "here are 5 topics. Write one tweet per topic and schedule them for this week:
1. Remote work culture
2. API design
3. Side projects
4. Technical debt
5. Developer hiring"

Review scheduled posts

openclaw "show me all my scheduled tweets for this week"

The agent calls GET /api/v1/posts?status=scheduled and displays the results.

Edit a scheduled post

openclaw "change my tweet about API design to be more specific about REST vs GraphQL"

The agent finds the post, uses PUT /api/v1/posts/:id to update the text.

Security Warning: The ClawHavoc Campaign

In January 2026, the ClawHub security team discovered a coordinated attack now known as the "ClawHavoc" campaign. Over 800 malicious skills were uploaded to ClawHub by a network of fake publisher accounts.

Here's what these skills did:

  1. Credential exfiltration. Skills instructed the agent to send API keys, environment variables, and config file contents to attacker-controlled servers disguised as "analytics endpoints" or "telemetry services."
  2. Prompt injection. Some skills contained hidden instructions that overrode the user's commands, telling the agent to perform actions the user didn't request.
  3. Typosquatting. Malicious skills used names almost identical to popular ones -- openweet/x-poster instead of opentweet/x-poster, for example.

The ClawHub team removed the flagged skills and banned the fake accounts, but the incident highlighted a real risk: installing an unverified skill is like running untrusted code.

How to stay safe

  1. Stick to verified publishers. ClawHub shows a verified badge next to publishers who have been vetted. The opentweet publisher is verified.
  2. Read the SKILL.md before installing. It's just a markdown file. Open it and check which URLs it tells your agent to call. If it points to anything other than the official service domain, don't install it.
  3. Check the publisher's history. A publisher with 1 skill and 0 stars is riskier than one with 20 skills and 5,000 installs.
  4. Use environment variables for secrets. Never put API keys directly in the SKILL.md file. Use env vars that the skill references.
  5. Review what your agent sends. Most OpenClaw implementations let you see the API calls your agent makes. Enable verbose logging for new skills.

Why the OpenTweet Skill Is Safe

Given the ClawHavoc situation, here's specifically why the opentweet/x-poster skill is trustworthy:

  1. Published by a verified developer. The opentweet publisher has been verified by the ClawHub team.
  2. Uses an external managed API. The skill tells your agent to call https://opentweet.io/api/v1/... -- a public, documented API. You can inspect every request.
  3. No direct credential access. Your X/Twitter OAuth tokens live on OpenTweet's servers. The skill only uses an OpenTweet API key (ot_...), which is scoped to posting only. It can't access your X password, DMs, or account settings.
  4. Revocable at any time. If you're concerned, revoke the API key from your OpenTweet dashboard. Instant cutoff, no lingering access.
  5. Open source. The skill's SKILL.md is public on GitHub. You can read every line before installing.
  6. 8,000+ active users. The skill has been widely installed and battle-tested. Security issues would have been caught.

Compare this to a community skill that asks you to paste your Twitter OAuth consumer key, consumer secret, access token, and access token secret into environment variables, then sends them to some unknown server. The risk profile is completely different.

Building Your Own Twitter Skill

If you're an advanced user who wants to customize the skill or build a variant, here's a quick guide.

The SKILL.md format

A skill is a markdown file with these sections:

# Skill Name

Brief description of what this skill does.

## Configuration

Environment variables and setup instructions.

## API Reference

Endpoints, methods, request/response formats.

## Examples

Example prompts and expected agent behavior.

Minimal Twitter posting skill

Here's a bare-bones SKILL.md that teaches your agent to post to X via OpenTweet:

# X Poster via OpenTweet

Post tweets to X/Twitter using the OpenTweet API.

## Configuration

Requires the OPENTWEET_API_KEY environment variable.

## API

Base URL: https://opentweet.io
Auth: Authorization: Bearer $OPENTWEET_API_KEY

### Create a post
POST /api/v1/posts
Body: {"text": "your tweet text"}
Response: {"data": {"id": "post_id"}}

### Publish immediately
POST /api/v1/posts/{id}/publish
Response: {"data": {"status": "posted"}}

### Schedule for later
POST /api/v1/posts/{id}/schedule
Body: {"scheduled_date": "2026-02-24T09:00:00Z"}

### Create a thread
POST /api/v1/posts
Body: {"text": "first tweet", "is_thread": true, "thread_tweets": ["second", "third"]}

## Examples

User: "post a tweet about X"
Agent: Generate tweet text, call POST /api/v1/posts, then POST /api/v1/posts/{id}/publish

Save this as ~/.openclaw/skills/my-twitter-skill/SKILL.md and your agent can use it immediately.

You can extend it with more endpoints (GET /api/v1/posts for listing, PUT for editing, DELETE for removing) and more detailed examples. The more context you give the agent, the better it performs.

Publishing to ClawHub

If you build something useful, you can publish it:

clawhub publish my-twitter-skill

Follow the ClawHub publishing guidelines to get your skill listed. If you want the verified badge, you'll need to go through the verification process.

Quick Start Summary

Here's the full setup in 60 seconds:

# 1. Sign up at opentweet.io and get an API key

# 2. Install the skill
clawhub install opentweet-x-poster

# 3. Set your API key
export OPENTWEET_API_KEY="ot_your_key_here"

# 4. Tell your agent to post
openclaw "schedule 5 tweets about our product for this week"

That's it. Your OpenClaw agent now has a voice on X.

No Twitter API keys. No OAuth setup. No $100/month API bill. No security risks from sharing credentials with your AI agent.

Just a verified skill, a $5.99/month API, and an agent that does what you tell it.

Get your OpenTweet API key -- 7-day free trial, full API access, works with every OpenClaw model. Install the skill and start posting in under 3 minutes.

Start Scheduling Your X Posts Today

Join hundreds of creators using OpenTweet to stay consistent, save time, and grow their audience.

7-day free trial
Only $11.99/mo
Cancel anytime