Access X from the CLI for posting, search, DMs, and API calls.
The materials indicate an open-source, highly adopted prompt-only skill/documentation wrapper with strong source credibility. No environment variables or fixed remote hosts are declared, but its functionality involves authenticated X API actions, posting, DMs, and media upload, so normal caution is warranted around credentials, data access, and potential network egress.
The README explicitly mentions auth status, app management, and local credential storage in `~/.xurl`, and warns that `--verbose` may expose auth headers, indicating sensitive account tokens/session material are involved. It does not ask users to provide secrets directly in the material, but misuse of logs or local config could leak credentials.
No fixed host is listed, but the stated functionality is to interact with the X API for posting, search, DMs, follows, and raw v2 calls, which by nature sends user content, media, or queries to a relevant remote service. This is normal network behavior for such a tool, and no red flag suggests exfiltration to unrelated or unknown endpoints.
The system flags this as prompt-only; the provided material itself is command and usage documentation and does not require running install scripts, daemons, or extra system commands. Based on the available material, there is no red flag of local code execution beyond normal documentation.
The README explicitly says not to read or expose `~/.xurl` and supports reading/uploading local media files. This indicates access to local credential files and user-specified files, plus operations on X account data (posts, DMs, follow relationships). These accesses are consistent with the stated functionality, with no sign of requesting broader local data permissions.
The source is an open-source GitHub repository with extremely high community adoption (~377k stars), both strong risk-reducing signals. Although the license is unspecified and maintenance status is unknown, creating some governance gaps, the supply-chain posture remains relatively low risk due to auditable source code and strong community signals.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "xurl" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/skills/xurl/SKILL.md 2. Save it as ~/.claude/skills/xurl/SKILL.md 3. Reload skills and tell me it's ready
Use xurl with my authenticated account to publish an X post saying “Our new product launches today—welcome to try it,” then reply to the specified post ID with “Thanks for the feedback, we’ll keep improving.”
Commands or steps to post and reply, plus result status for both actions.
Use xurl to search recent X posts about “AI agents,” filter for high-engagement content, read five posts, and summarize the key points.
Search and read commands, along with post summaries or structured results.
Use xurl to upload a local image to X, and show how to call the raw v2 API to check my auth status and follower information.
Example media upload and raw API requests, with auth status and follower data format details.
Use xurl for X API work. Shortcut commands return JSON; raw mode works for any v2 endpoint.
~/.xurl.--verbose in agent sessions; it can expose auth headers.xurl auth status.xurl post "Hello world!"
xurl reply POST_ID "Nice."
xurl quote POST_ID "My take"
xurl delete POST_ID
xurl read POST_ID
xurl search "query" -n 20
xurl whoami
xurl user @handle
xurl timeline -n 20
xurl mentions -n 10
xurl like POST_ID
xurl unlike POST_ID
xurl repost POST_ID
xurl unrepost POST_ID
xurl bookmark POST_ID
xurl unbookmark POST_ID
xurl followers -n 20
xurl following -n 20
xurl follow @handle
xurl unfollow @handle
xurl block @handle
xurl unblock @handle
xurl mute @handle
xurl unmute @handle
xurl dm @handle "message"
xurl dms -n 10
POST_ID can be a full https://x.com/<user>/status/<id> URL.
xurl media upload image.jpg
xurl media upload clip.mp4
xurl media status MEDIA_ID
xurl post "caption" --media-id MEDIA_ID
Videos may need processing; poll media status.
xurl auth status
xurl auth apps list
xurl auth default
xurl auth default APP_NAME USERNAME
xurl auth apps remove APP_NAME
Per request:
xurl --app APP_NAME /2/users/me
xurl --auth oauth2 /2/users/me
xurl /2/users/me
xurl -X POST /2/tweets -d '{"text":"Hello world!"}'
xurl '/2/tweets/search/recent?query=openclaw&max_results=10'
Use raw mode when shortcuts do not cover the endpoint. Keep payloads in temp files for complex JSON.
xurl auth status.Create and review technical docs and agent instruction files in repositories.
Verify an OpenClaw release is fully published and working across all channels.
Fetch GitHub issues, create fixes, open PRs, and handle reviews.
Convert text to speech locally and offline with sherpa-onnx, no cloud needed.
Regenerate OpenClaw release changelog sections from Git history before releases.
Navigate Feishu knowledge bases and surface relevant wiki pages and links.
Post, search, read timelines, and analyze data via the X API.
Convert X posts into JSON, PDFs, images, Markdown, or chat messages.
Read public X profiles, tweets, and search results without official API costs.
Search public X/Twitter posts and retrieve tweet details through a read-only MCP tool.
Search Xiaohongshu notes, trends, comments, profiles, and transcripts for insights.
Post, read, search, and analyze X data through the Twitter API.