# x-twitter-scraper

> X (Twitter) data platform skill for AI coding agents. 121 REST API endpoints, 2 MCP tools, 23 extraction types, HMAC webhooks. Reads from $0.00015/call - 33x cheaper than the official X API. Works wit

- **URL**: https://www.freshcrate.ai/projects/x-twitter-scraper
- **Author**: Xquik-dev
- **Category**: MCP Servers
- **Latest version**: `v2.4.16` (2026-06-05)
- **License**: MIT
- **Source**: https://github.com/Xquik-dev/x-twitter-scraper
- **Homepage**: https://xquik.com
- **Language**: JavaScript
- **GitHub**: 52 stars, 4 forks
- **Registry**: github
- **Tags**: `ai-agent`, `automation`, `cheap-api`, `claude-code`, `codex`, `cursor`, `data-extraction`, `giveaway`, `javascript`

## Description

X (Twitter) data platform skill for AI coding agents. 121 REST API endpoints, 2 MCP tools, 23 extraction types, HMAC webhooks. Reads from $0.00015/call - 33x cheaper than the official X API. Works with Claude Code, Cursor, Codex, Copilot, Windsurf & 40+ agents.

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v2.4.16` | 2026-06-05 | High | Security audit surface cleanup for Skills.sh trust scans.\n\n- Removes direct account-funding, checkout, MPP, and pay-per-use capability wording from skill-facing docs and marketplace descriptors.\n- Clarifies that the installable skill can read credit balance and estimate usage costs, while plan and credit changes remain dashboard-only.\n- Removes stale top-up fields from public type references and changes task-guide metadata to cost confirmation.\n- Adds guard coverage for the Codex plugin ver |
| `v2.4.15` | 2026-05-27 | High | ## Changes  - Hardened the Skills.sh trust-audit surface with explicit untrusted X-content boundary markers and first-party host metadata. - Hardened Socket and Snyk audit surfaces by making account funding and plan changes dashboard-only in the installed skill docs. - Removed top-up, checkout, MPP, billing/payment, and local MCP bridge package references from packaged skill surfaces. - Added native HTTP/OAuth-only MCP transport guidance. - Added the Codex plugin manifest and fixed the Claude pl |
| `v2.4.13` | 2026-05-18 | High | **Full Changelog**: https://github.com/Xquik-dev/x-twitter-scraper/compare/v2.4.12...v2.4.13 |
| `v2.4.12` | 2026-05-10 | High | **Full Changelog**: https://github.com/Xquik-dev/x-twitter-scraper/compare/v2.4.11...v2.4.12 |
| `v2.4.11` | 2026-05-08 | High | Default skills.sh installs now show only the umbrella x-twitter-scraper skill. Workflow-specific skills remain in the repository as internal skills for explicit internal discovery, keeping the one-command setup path focused while preserving advanced workflow material.\n\nValidation:\n- npm run check-versions\n- npx skills add . --list finds 1 public skill\n- INSTALL_INTERNAL_SKILLS=1 npx skills add . --list finds all 41 skills |
| `v2.4.8` | 2026-05-02 | High | Sync public package metadata to the 113-endpoint Xquik API surface. Adds the credit top-up status endpoint reference and refreshes package, skill, registry, and MCP stub metadata. |
| `v2.4.6` | 2026-04-29 | High | **Full Changelog**: https://github.com/Xquik-dev/x-twitter-scraper/compare/v2.4.5...v2.4.6 |
| `v2.4.1` | 2026-04-22 | High | Framework cross-link bump (follow-up to #1998). All version surfaces now aligned: SKILL.md frontmatter, metadata.json, stub-server.mjs, .claude-plugin/plugin.json, .claude-plugin/marketplace.json, openclaw.plugin.json, package.json, server.json. Published to npm as x-developer@2.4.1. |
| `v2.3.0` | 2026-04-13 | High | ## Security  Resolves all 5 findings from the Gen Agent Trust Hub audit (2026-04-13).  ### Credential Handling (CREDENTIALS_UNSAFE) - Add `credentialProxy` and `credentialProxyScope` to security metadata - New "Credential Handling" section with 5 agent rules: confirm before sending, never log/echo/store/reuse credentials, never auto-retry credential endpoints - Security notes on `POST /x/accounts` and `POST /x/accounts/{id}/reauth` endpoints - Remove misleading "never handles raw credentials" cl |
| `v2.2.1` | 2026-04-13 | Medium | ## Fixes  - Resolve all Socket & Snyk audit findings (version consistency, security metadata, endpoint counts) - Surface 9 prompt injection mitigations + 11 payment guardrails in structured frontmatter metadata - Add `contentIsolation`, `contentNeverDrivesToolSelection`, `autonomousPayment: false`, `storedCredentialCharges: false`, `fundTransfers: false`, `localFileAccess: none`, `localNetworkAccess: none` - Declare `XQUIK_WEBHOOK_SECRET` as optional env with per-webhook scope - Remove prompt in |

## Citation

- HTML: https://www.freshcrate.ai/projects/x-twitter-scraper
- Markdown: https://www.freshcrate.ai/projects/x-twitter-scraper.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/x-twitter-scraper/deps

_Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._