74
/ 100
1 month ago
github_topic

agent-twitter-client-mcp

A Model Context Protocol (MCP) server that integrates with X using the @elizaOS `agent-twitter-client` package, allowing AI models to interact with Twitter without direct API access.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 6 credentials: TWITTER_2FA_SECRET, TWITTER_ACCESS_TOKEN, TWITTER_ACCESS_TOKEN_SECRET, TWITTER_API_KEY, TWITTER_API_SECRET_KEY, TWITTER_PASSWORD
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies9 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

lowhono@4.12.14GHSA-2gcr-mfcq-wcc3

Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

lowhono@4.12.14GHSA-3hrh-pfw6-9m5x

Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

lowhono@4.12.14GHSA-69xw-7hcm-h432

hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

lowhono@4.12.14GHSA-9vqf-7f2p-gf9v

Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

lowhono@4.12.14GHSA-f577-qrjj-4474

Hono: JWT middleware accepts any Authorization scheme, not only Bearer

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configAUTH_METHOD"": "cookies",
configDISABLE_HTTP_SERVER
configLOG_LEVELSet logging level (error, warn, info, debug)
configPORTSet the environment variable:
configRUN_INTEGRATION_TESTS
configRUN_WRITE_TESTS
🔐 secretTWITTER_2FA_SECRET"": "your_2fa_secret" // Optional, required if 2FA is enabled
🔐 secretTWITTER_ACCESS_TOKEN"": "your_access_token",
🔐 secretTWITTER_ACCESS_TOKEN_SECRET"": "your_access_token_secret"
🔐 secretTWITTER_API_KEY"": "your_api_key",
🔐 secretTWITTER_API_SECRET_KEY"": "your_api_secret_key",
configTWITTER_COOKIES"": "[\"auth_token=YOUR_AUTH_TOKEN; Domain=.twitter.com\", \"ct0=YOUR_CT0_VALUE; Domain=.twitter.com\", \"twid=u%3DYOUR_USER_ID; Domain=.twitter.com\"]"
configTWITTER_EMAIL"": "your_email@example.com", // Optional
🔐 secretTWITTER_PASSWORD"": "your_password",
configTWITTER_USERNAME"": "your_username",
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/ryanmac-agent-twitter-client-mcp-aguuh8)](https://m8ven.ai/mcp/ryanmac-agent-twitter-client-mcp-aguuh8)
commit: 9d32c2a1c59360028ff22e685b9d0752c51d93c1
code hash: bdaf590a30e0bb1e22bc4fd3d4ab579d5db93a4e04befe916e079235c3f32cc3
verified: 6/15/2026, 1:24:21 PM
view raw JSON →