A Model Context Protocol (MCP) server that integrates with X using the @elizaOS `agent-twitter-client` package, allowing AI models to interact with Twitter without direct API access.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection
Hono: bodyLimit() can be bypassed for chunked / unknown-length requests
Hono: JWT middleware accepts any Authorization scheme, not only Bearer
process.env. You'll be asked to provide them before it can run.AUTH_METHOD— "": "cookies",DISABLE_HTTP_SERVERLOG_LEVEL— Set logging level (error, warn, info, debug)PORT— Set the environment variable:RUN_INTEGRATION_TESTSRUN_WRITE_TESTSTWITTER_2FA_SECRET— "": "your_2fa_secret" // Optional, required if 2FA is enabledTWITTER_ACCESS_TOKEN— "": "your_access_token",TWITTER_ACCESS_TOKEN_SECRET— "": "your_access_token_secret"TWITTER_API_KEY— "": "your_api_key",TWITTER_API_SECRET_KEY— "": "your_api_secret_key",TWITTER_COOKIES— "": "[\"auth_token=YOUR_AUTH_TOKEN; Domain=.twitter.com\", \"ct0=YOUR_CT0_VALUE; Domain=.twitter.com\", \"twid=u%3DYOUR_USER_ID; Domain=.twitter.com\"]"TWITTER_EMAIL— "": "your_email@example.com", // OptionalTWITTER_PASSWORD— "": "your_password",TWITTER_USERNAME— "": "your_username",[](https://m8ven.ai/mcp/ryanmac-agent-twitter-client-mcp-aguuh8)