@xquik/tweetclaw 1.6.10 → 1.6.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/openclaw.plugin.json +1 -1
- package/package.json +3 -2
- package/skills/tweetclaw/SKILL.md +14 -0
package/openclaw.plugin.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"id": "tweetclaw",
|
|
3
3
|
"name": "TweetClaw",
|
|
4
|
-
"version": "1.6.
|
|
4
|
+
"version": "1.6.12",
|
|
5
5
|
"description": "Post tweets, reply, like, retweet, follow, DM, search, and monitor X/Twitter through structured Xquik endpoints.",
|
|
6
6
|
"skills": ["skills/tweetclaw"],
|
|
7
7
|
"contracts": {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@xquik/tweetclaw",
|
|
3
|
-
"version": "1.6.
|
|
3
|
+
"version": "1.6.12",
|
|
4
4
|
"description": "Post tweets, reply, like, retweet, follow, DM & more from OpenClaw through structured Xquik endpoints.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
},
|
|
33
33
|
"install": {
|
|
34
34
|
"defaultChoice": "npm",
|
|
35
|
-
"npmSpec": "@xquik/tweetclaw@1.6.
|
|
35
|
+
"npmSpec": "@xquik/tweetclaw@1.6.12",
|
|
36
36
|
"minHostVersion": ">=2026.5.4"
|
|
37
37
|
}
|
|
38
38
|
},
|
|
@@ -123,6 +123,7 @@
|
|
|
123
123
|
"vitest": "^3.1.0"
|
|
124
124
|
},
|
|
125
125
|
"overrides": {
|
|
126
|
+
"ip-address": "10.2.0",
|
|
126
127
|
"vite": ">=7.3.2",
|
|
127
128
|
"postcss": ">=8.5.10"
|
|
128
129
|
}
|
|
@@ -124,6 +124,20 @@ Configure the signing key in your OpenClaw plugin config:
|
|
|
124
124
|
{ "tempoSigningKey": "your-66-char-hex-key" }
|
|
125
125
|
```
|
|
126
126
|
|
|
127
|
+
## Safety Rules
|
|
128
|
+
|
|
129
|
+
Use TweetClaw only for user-authorized X/Twitter workflows. Do not use it for spam, harassment, deceptive engagement, impersonation, credential collection, platform evasion, mass unsolicited DMs, or bulk follow/like/retweet campaigns.
|
|
130
|
+
|
|
131
|
+
Before any visible, state-changing, paid, or recurring action, summarize the exact target, account, action, text/media when relevant, and estimated credits, then wait for explicit user confirmation. This includes posting, replying, deleting, liking, retweeting, following, unfollowing, sending DMs, editing profiles, uploading media, creating webhooks, creating monitors, running draws, and starting extraction jobs.
|
|
132
|
+
|
|
133
|
+
For reads that expose private or account-scoped data, such as bookmarks, notifications, timelines, DMs, connected accounts, and account usage, confirm the user owns or is authorized to access the account before showing results. Redact credentials and avoid exposing sensitive personal data unless the user explicitly asks for that specific data.
|
|
134
|
+
|
|
135
|
+
For bulk extraction, draw, or monitor requests, keep limits narrow by default. State the requested limit, estimated cost, and storage or notification behavior. Ask for confirmation again if the user expands the scope, changes the target, or asks for recurring monitoring.
|
|
136
|
+
|
|
137
|
+
For content posting, show the final text and media list before sending. Do not post confidential, proprietary, personal, or third-party private information unless the user explicitly confirms they have the right to publish it. Do not add links, mentions, hashtags, or claims the user did not request.
|
|
138
|
+
|
|
139
|
+
MPP mode is read-only. Never attempt writes, account-backed actions, monitors, webhooks, DMs, profile changes, or uploads when only `tempoSigningKey` is configured. Treat the signing key as sensitive config and never print it.
|
|
140
|
+
|
|
127
141
|
## Tools
|
|
128
142
|
|
|
129
143
|
TweetClaw registers 2 tools for the agent-safe Xquik endpoint catalog:
|