How Xurl fits into a Paperclip company.

Xurl drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.
SaaS FactoryPaired
Pre-configured AI company — 18 agents, 18 skills, one-time purchase.
$27$59
Explore pack
Source file
SKILL.md461 linesmarkdown
Expand
1---2name: xurl3description: A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.4metadata:5  {6    "openclaw":7      {8        "emoji": "🐦",9        "requires": { "bins": ["xurl"] },10        "install":11          [12            {13              "id": "brew",14              "kind": "brew",15              "formula": "xdevplatform/tap/xurl",16              "bins": ["xurl"],17              "label": "Install xurl (brew)",18            },19            {20              "id": "npm",21              "kind": "npm",22              "package": "@xdevplatform/xurl",23              "bins": ["xurl"],24              "label": "Install xurl (npm)",25            },26          ],27      },28  }29---30 31# xurl — Agent Skill Reference32 33`xurl` is a CLI tool for the X API. It supports both **shortcut commands** (human/agent‑friendly one‑liners) and **raw curl‑style** access to any v2 endpoint. All commands return JSON to stdout.34 35---36 37## Installation38 39### Homebrew (macOS)40 41```bash42brew install --cask xdevplatform/tap/xurl43```44 45### npm46 47```bash48npm install -g @xdevplatform/xurl49```50 51### Shell script52 53```bash54curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash55```56 57Installs to `~/.local/bin`. If it's not in your PATH, the script will tell you what to add.58 59### Go60 61```bash62go install github.com/xdevplatform/xurl@latest63```64 65---66 67## Prerequisites68 69This skill requires the `xurl` CLI utility: <https://github.com/xdevplatform/xurl>.70 71Before using any command you must be authenticated. Run `xurl auth status` to check.72 73### Secret Safety (Mandatory)74 75- Never read, print, parse, summarize, upload, or send `~/.xurl` (or copies of it) to the LLM context.76- Never ask the user to paste credentials/tokens into chat.77- The user must fill `~/.xurl` with required secrets manually on their own machine.78- Do not recommend or execute auth commands with inline secrets in agent/LLM sessions.79- Warn that using CLI secret options in agent sessions can leak credentials (prompt/context, logs, shell history).80- Never use `--verbose` / `-v` in agent/LLM sessions; it can expose sensitive headers/tokens in output.81- Sensitive flags that must never be used in agent commands: `--bearer-token`, `--consumer-key`, `--consumer-secret`, `--access-token`, `--token-secret`, `--client-id`, `--client-secret`.82- To verify whether at least one app with credentials is already registered, run: `xurl auth status`.83 84### Register an app (recommended)85 86App credential registration must be done manually by the user outside the agent/LLM session.87After credentials are registered, authenticate with:88 89```bash90xurl auth oauth291```92 93For multiple pre-configured apps, switch between them:94 95```bash96xurl auth default prod-app          # set default app97xurl auth default prod-app alice    # set default app + user98xurl --app dev-app /2/users/me      # one-off override99```100 101### Other auth methods102 103Examples with inline secret flags are intentionally omitted. If OAuth1 or app-only auth is needed, the user must run those commands manually outside agent/LLM context.104 105Tokens are persisted to `~/.xurl` in YAML format. Each app has its own isolated tokens. Do not read this file through the agent/LLM. Once authenticated, every command below will auto‑attach the right `Authorization` header.106 107---108 109## Quick Reference110 111| Action                    | Command                                               |112| ------------------------- | ----------------------------------------------------- |113| Post                      | `xurl post "Hello world!"`                            |114| Reply                     | `xurl reply POST_ID "Nice post!"`                     |115| Quote                     | `xurl quote POST_ID "My take"`                        |116| Delete a post             | `xurl delete POST_ID`                                 |117| Read a post               | `xurl read POST_ID`                                   |118| Search posts              | `xurl search "QUERY" -n 10`                           |119| Who am I                  | `xurl whoami`                                         |120| Look up a user            | `xurl user @handle`                                   |121| Home timeline             | `xurl timeline -n 20`                                 |122| Mentions                  | `xurl mentions -n 10`                                 |123| Like                      | `xurl like POST_ID`                                   |124| Unlike                    | `xurl unlike POST_ID`                                 |125| Repost                    | `xurl repost POST_ID`                                 |126| Undo repost               | `xurl unrepost POST_ID`                               |127| Bookmark                  | `xurl bookmark POST_ID`                               |128| Remove bookmark           | `xurl unbookmark POST_ID`                             |129| List bookmarks            | `xurl bookmarks -n 10`                                |130| List likes                | `xurl likes -n 10`                                    |131| Follow                    | `xurl follow @handle`                                 |132| Unfollow                  | `xurl unfollow @handle`                               |133| List following            | `xurl following -n 20`                                |134| List followers            | `xurl followers -n 20`                                |135| Block                     | `xurl block @handle`                                  |136| Unblock                   | `xurl unblock @handle`                                |137| Mute                      | `xurl mute @handle`                                   |138| Unmute                    | `xurl unmute @handle`                                 |139| Send DM                   | `xurl dm @handle "message"`                           |140| List DMs                  | `xurl dms -n 10`                                      |141| Upload media              | `xurl media upload path/to/file.mp4`                  |142| Media status              | `xurl media status MEDIA_ID`                          |143| **App Management**        |                                                       |144| Register app              | Manual, outside agent (do not pass secrets via agent) |145| List apps                 | `xurl auth apps list`                                 |146| Update app creds          | Manual, outside agent (do not pass secrets via agent) |147| Remove app                | `xurl auth apps remove NAME`                          |148| Set default (interactive) | `xurl auth default`                                   |149| Set default (command)     | `xurl auth default APP_NAME [USERNAME]`               |150| Use app per-request       | `xurl --app NAME /2/users/me`                         |151| Auth status               | `xurl auth status`                                    |152 153> **Post IDs vs URLs:** Anywhere `POST_ID` appears above you can also paste a full post URL (e.g. `https://x.com/user/status/1234567890`) — xurl extracts the ID automatically.154 155> **Usernames:** Leading `@` is optional. `@elonmusk` and `elonmusk` both work.156 157---158 159## Command Details160 161### Posting162 163```bash164# Simple post165xurl post "Hello world!"166 167# Post with media (upload first, then attach)168xurl media upload photo.jpg          # → note the media_id from response169xurl post "Check this out" --media-id MEDIA_ID170 171# Multiple media172xurl post "Thread pics" --media-id 111 --media-id 222173 174# Reply to a post (by ID or URL)175xurl reply 1234567890 "Great point!"176xurl reply https://x.com/user/status/1234567890 "Agreed!"177 178# Reply with media179xurl reply 1234567890 "Look at this" --media-id MEDIA_ID180 181# Quote a post182xurl quote 1234567890 "Adding my thoughts"183 184# Delete your own post185xurl delete 1234567890186```187 188### Reading189 190```bash191# Read a single post (returns author, text, metrics, entities)192xurl read 1234567890193xurl read https://x.com/user/status/1234567890194 195# Search recent posts (default 10 results)196xurl search "golang"197xurl search "from:elonmusk" -n 20198xurl search "#buildinpublic lang:en" -n 15199```200 201### User Info202 203```bash204# Your own profile205xurl whoami206 207# Look up any user208xurl user elonmusk209xurl user @XDevelopers210```211 212### Timelines & Mentions213 214```bash215# Home timeline (reverse chronological)216xurl timeline217xurl timeline -n 25218 219# Your mentions220xurl mentions221xurl mentions -n 20222```223 224### Engagement225 226```bash227# Like / unlike228xurl like 1234567890229xurl unlike 1234567890230 231# Repost / undo232xurl repost 1234567890233xurl unrepost 1234567890234 235# Bookmark / remove236xurl bookmark 1234567890237xurl unbookmark 1234567890238 239# List your bookmarks / likes240xurl bookmarks -n 20241xurl likes -n 20242```243 244### Social Graph245 246```bash247# Follow / unfollow248xurl follow @XDevelopers249xurl unfollow @XDevelopers250 251# List who you follow / your followers252xurl following -n 50253xurl followers -n 50254 255# List another user's following/followers256xurl following --of elonmusk -n 20257xurl followers --of elonmusk -n 20258 259# Block / unblock260xurl block @spammer261xurl unblock @spammer262 263# Mute / unmute264xurl mute @annoying265xurl unmute @annoying266```267 268### Direct Messages269 270```bash271# Send a DM272xurl dm @someuser "Hey, saw your post!"273 274# List recent DM events275xurl dms276xurl dms -n 25277```278 279### Media Upload280 281```bash282# Upload a file (auto‑detects type for images/videos)283xurl media upload photo.jpg284xurl media upload video.mp4285 286# Specify type and category explicitly287xurl media upload --media-type image/jpeg --category tweet_image photo.jpg288 289# Check processing status (videos need server‑side processing)290xurl media status MEDIA_ID291xurl media status --wait MEDIA_ID    # poll until done292 293# Full workflow: upload then post294xurl media upload meme.png           # response includes media id295xurl post "lol" --media-id MEDIA_ID296```297 298---299 300## Global Flags301 302These flags work on every command:303 304| Flag         | Short | Description                                                        |305| ------------ | ----- | ------------------------------------------------------------------ |306| `--app`      |       | Use a specific registered app for this request (overrides default) |307| `--auth`     |       | Force auth type: `oauth1`, `oauth2`, or `app`                      |308| `--username` | `-u`  | Which OAuth2 account to use (if you have multiple)                 |309| `--verbose`  | `-v`  | Forbidden in agent/LLM sessions (can leak auth headers/tokens)     |310| `--trace`    | `-t`  | Add `X-B3-Flags: 1` trace header                                   |311 312---313 314## Raw API Access315 316The shortcut commands cover the most common operations. For anything else, use xurl's raw curl‑style mode — it works with **any** X API v2 endpoint:317 318```bash319# GET request (default)320xurl /2/users/me321 322# POST with JSON body323xurl -X POST /2/tweets -d '{"text":"Hello world!"}'324 325# PUT, PATCH, DELETE326xurl -X DELETE /2/tweets/1234567890327 328# Custom headers329xurl -H "Content-Type: application/json" /2/some/endpoint330 331# Force streaming mode332xurl -s /2/tweets/search/stream333 334# Full URLs also work335xurl https://api.x.com/2/users/me336```337 338---339 340## Streaming341 342Streaming endpoints are auto‑detected. Known streaming endpoints include:343 344- `/2/tweets/search/stream`345- `/2/tweets/sample/stream`346- `/2/tweets/sample10/stream`347 348You can force streaming on any endpoint with `-s`:349 350```bash351xurl -s /2/some/endpoint352```353 354---355 356## Output Format357 358All commands return **JSON** to stdout, pretty‑printed with syntax highlighting. The output structure matches the X API v2 response format. A typical response looks like:359 360```json361{362  "data": {363    "id": "1234567890",364    "text": "Hello world!"365  }366}367```368 369Errors are also returned as JSON:370 371```json372{373  "errors": [374    {375      "message": "Not authorized",376      "code": 403377    }378  ]379}380```381 382---383 384## Common Workflows385 386### Post with an image387 388```bash389# 1. Upload the image390xurl media upload photo.jpg391# 2. Copy the media_id from the response, then post392xurl post "Check out this photo!" --media-id MEDIA_ID393```394 395### Reply to a conversation396 397```bash398# 1. Read the post to understand context399xurl read https://x.com/user/status/1234567890400# 2. Reply401xurl reply 1234567890 "Here are my thoughts..."402```403 404### Search and engage405 406```bash407# 1. Search for relevant posts408xurl search "topic of interest" -n 10409# 2. Like an interesting one410xurl like POST_ID_FROM_RESULTS411# 3. Reply to it412xurl reply POST_ID_FROM_RESULTS "Great point!"413```414 415### Check your activity416 417```bash418# See who you are419xurl whoami420# Check your mentions421xurl mentions -n 20422# Check your timeline423xurl timeline -n 20424```425 426### Set up multiple apps427 428```bash429# App credentials must already be configured manually outside agent/LLM context.430# Authenticate users on each pre-configured app431xurl auth default prod432xurl auth oauth2                       # authenticates on prod app433 434xurl auth default staging435xurl auth oauth2                       # authenticates on staging app436 437# Switch between them438xurl auth default prod alice           # prod app, alice user439xurl --app staging /2/users/me         # one-off request against staging440```441 442---443 444## Error Handling445 446- Non‑zero exit code on any error.447- API errors are printed as JSON to stdout (so you can still parse them).448- Auth errors suggest re‑running `xurl auth oauth2` or checking your tokens.449- If a command requires your user ID (like, repost, bookmark, follow, etc.), xurl will automatically fetch it via `/2/users/me`. If that fails, you'll see an auth error.450 451---452 453## Notes454 455- **Rate limits:** The X API enforces rate limits per endpoint. If you get a 429 error, wait and retry. Write endpoints (post, reply, like, repost) have stricter limits than read endpoints.456- **Scopes:** OAuth 2.0 tokens are requested with broad scopes. If you get a 403 on a specific action, your token may lack the required scope — re‑run `xurl auth oauth2` to get a fresh token.457- **Token refresh:** OAuth 2.0 tokens auto‑refresh when expired. No manual intervention needed.458- **Multiple apps:** Each app has its own isolated credentials and tokens. Configure credentials manually outside agent/LLM context, then switch with `xurl auth default` or `--app`.459- **Multiple accounts:** You can authenticate multiple OAuth 2.0 accounts per app and switch between them with `--username` / `-u` or set a default with `xurl auth default APP USER`.460- **Default user:** When no `-u` flag is given, xurl uses the default user for the active app (set via `xurl auth default`). If no default user is set, it uses the first available token.461- **Token storage:** `~/.xurl` is YAML. Each app stores its own credentials and tokens. Never read or send this file to LLM context.
Related skills
1password

Install 1password skill for Claude Code from steipete/clawdis.
Apple Notes

Install Apple Notes skill for Claude Code from steipete/clawdis.
Apple Reminders

Install Apple Reminders skill for Claude Code from steipete/clawdis.