hermes-tweet
Use Xquik from Hermes Agent for X search, posting, replies, likes, retweets, follows, DMs, monitors, extraction jobs, draws, media, and trends.
Allowed Tools
No tools specified
Provided by Plugin
hermes-tweet
Native Hermes Agent X/Twitter plugin for Xquik automation with read-first workflows and approval-gated actions.
Installation
This skill is included in the hermes-tweet plugin:
/plugin install hermes-tweet@claude-code-plugins-plus
Click to copy
Instructions
Hermes Tweet
Use Hermes Tweet when the user wants to automate or inspect X through Xquik.
When to Use
Use this skill for Hermes Agent sessions that need X/Twitter data or controlled
X actions through the Hermes Tweet plugin.
Use this skill especially for social listening, launch monitoring, support
triage, creator research, brand research, giveaway audits, community audits,
and controlled publishing workflows.
Use tweet_explore first when the user asks for a capability, endpoint, route,
or Xquik API surface. Use tweet_read only after a read-only endpoint is known.
Use tweet_action only after the user requests a write, private read, monitor,
webhook, extraction job, giveaway draw, or media operation that requires action
permissions.
Permissions and Capabilities
- Use
tweetexplore,tweetread, andtweet_actiononly through the enabled
Hermes Tweet toolset.
- Network access is limited to catalog-listed Xquik API routes reached by those
tools. Do not create direct HTTP fallbacks.
- Shell access is not part of normal operation. Use Hermes CLI commands only for
the install and registry checks listed in Testing.
- Local file access is not part of normal operation. Do not write reports,
credentials, logs, screenshots, or cached API payloads unless the user asks
for an explicit export workflow.
- Environment access is limited to configuration presence checks for
XQUIKAPIKEY, HERMESTWEETENABLE_ACTIONS, and
HERMESENABLEPROJECT_PLUGINS. Never request or echo their values.
- MCP access is not required.
Workflow
- Use
tweet_exploreto find the endpoint. - Use
tweet_readfor public read-only endpoints. - Use
tweet_actiononly for writes or private reads after stating the exact endpoint and payload.
Decision Rules
- IF the task is endpoint discovery, THEN call
tweet_explorewith a short
query.
- IF the endpoint method is
GETand the catalog does not mark it as an
action, THEN call tweet_read.
- IF the endpoint method is not
GET, or the route touches private account
state, THEN call tweet_action only when actions are enabled and the user has
approved the operation.
- IF
tweet_actionis unavailable or disabled, THEN explain that action tools
are intentionally gated by HERMESTWEETENABLE_ACTIONS=true.
- IF
XQUIKAPIKEYis missing, THEN ask the user to set it in the Hermes
runtime environment without requesting the key value in chat.
- IF Hermes lists the plugin as
not enabled, THEN tell the user to run
hermes plugins enable hermes-tweet or reinstall with --enable.
- IF the plugin is installed as a project-local
.hermes/plugins/copy, THEN
remind the user that Hermes requires HERMESENABLEPROJECT_PLUGINS=true for
trusted repositories.
- IF the task is unattended, scheduled, gateway-driven, or cron-driven, THEN
prefer tweetread and keep tweetaction disabled unless the workflow has a
clear approval step.
- IF the user is in Hermes Desktop with a remote gateway profile, THEN remind
them that Hermes Tweet must be installed, enabled, and configured on the
remote Hermes host where plugin tools execute.
- IF the user uses the Hermes dashboard for gateway administration or
credentials, THEN keep Hermes Tweet secrets in the runtime environment and do
not ask for key values in chat.
Safety
- Never ask for or reveal API keys, signing keys, passwords, cookies, or TOTP secrets.
- Never pass credentials in tool arguments.
- Use only catalog-listed
/api/v1/...endpoints. - Copied endpoint URLs are accepted only when they resolve to catalog-listed paths.
- Do not use account connection, re-authentication, API key, billing, credit top-up, or support-ticket endpoints.
- For posting, deleting, following, DMs, profile changes, monitors, webhooks, extraction jobs, and draws, summarize the action before calling
tweet_action.
Known Risks and Mitigations
- Risk: A broad X/Twitter request may map to a write-capable route.
Mitigation: Start with tweetexplore, prefer tweetread, and require a
user-approved endpoint plus payload before tweet_action.
- Risk: Secrets may be pasted into chat or examples.
Mitigation: Ask only for environment configuration, never for key values, and
never put credentials in tool arguments.
- Risk: Endpoint guessing may bypass catalog review.
Mitigation: Accept only catalog-listed /api/v1/... paths and reject direct
HTTP fallbacks.
- Risk: Automated X/Twitter actions can affect real accounts.
Mitigation: Keep HERMESTWEETENABLE_ACTIONS=false by default and summarize
side effects before any account-changing call.
Skill Output
- Output type: endpoint selection, API-result summaries, action previews, and
troubleshooting guidance.
- Output format: concise Markdown for humans and JSON-like tool payloads for
Hermes Tweet calls.
- Side effects:
tweetexplorehas no external side effects,tweetread
performs authenticated reads, and tweet_action may change account or
workflow state only after explicit approval.
Pitfalls
- Do not guess endpoint paths. Always use the catalog returned by
tweet_explore. - Do not treat a slash command prompt as proof that Hermes registered the
command. Verify slash commands through an active Hermes session or plugin
registry test.
- Do not use bare
hermes toolsfor scripted diagnostics. Run
hermes tools list instead.
- Do not assume installation means execution. Current Hermes Agent versions
discover third-party plugins before they are enabled.
- Do not assume the Desktop app stores plugin secrets for a remote gateway.
Configure XQUIKAPIKEY where the Hermes runtime executes.
- Do not retry writes through alternate routes after a policy, auth, or account
state error.
- Do not include secrets in examples, logs, prompts, issue bodies, or tool input.
Hermes Agent v0.16.0 Surfaces
Hermes Agent v0.16.0 added a native Desktop app, remote gateway profiles, a
larger web dashboard, and a command palette that can surface skills and quick
commands. Hermes Tweet uses the same plugin entry point on all of those
surfaces:
- Install and enable
hermes-tweeton the Hermes runtime host. - Put
XQUIKAPIKEYin the runtime environment or~/.hermes/.env. - Keep
HERMESTWEETENABLE_ACTIONS=falseunless the session intentionally
allows account-changing actions.
- Use Desktop, TUI, CLI, or gateway sessions for interactive slash commands such
as /xstatus and /xtrends.
Examples
Search tweets:
{"query":"tweet search","method":"GET"}
Then call:
{"path":"/api/v1/x/tweets/search","query":{"q":"AI agents","limit":25}}
Post a tweet:
{"query":"post tweet","include_actions":true}
Then call tweet_action with:
{"path":"/api/v1/x/tweets","method":"POST","body":{"account":"@example","text":"Hello from Hermes Tweet"},"reason":"Post the user-approved tweet."}
Testing
After installing or upgrading the plugin in Hermes Agent:
- Run
hermes plugins enable hermes-tweetunless the install used--enable. - Run
hermes plugins listand confirm the plugin isenabled. - Run
hermes tools listand confirm thehermes-tweettoolset is enabled. - Confirm
tweetexploreis available withoutXQUIKAPI_KEY. - Confirm
tweetreadappears only whenXQUIKAPI_KEYis configured. - Confirm
tweetactionstays hidden or disabled unlessHERMESTWEETENABLEACTIONS=true.
Useful CLI checks:
hermes plugins enable hermes-tweet
hermes tools list
Release Trust Gate
Before presenting this skill as NVIDIA-verified or ready for broad enterprise
deployment:
- Run SkillSpector against the complete skill directory and resolve critical or
high findings.
- Complete
skill-card.mdwith owner, license, use case, deployment
geography, risks, references, output shape, and release version.
- Include Tier-3 eval data and
BENCHMARK.mdfor the reviewed release. - Sign the exact reviewed skill directory and publish
skill.oms.sig. - Verify the published directory with the expected certificate chain.
Do not claim NVIDIA verification when those release artifacts are absent.
Version History
- Unreleased: Add NVIDIA-style capability declarations, risk controls, output
shape, and release trust gate.
- Unreleased: Refresh current Hermes Agent opt-in plugin lifecycle guidance and
workflow positioning.
- 0.1.6: Refresh catalog wording from current Xquik OpenAPI.
- 0.1.5: Add registry-compatible nested metadata and clearer Hermes runtime guidance.
- 0.1.4: Add public registry frontmatter for skill directory discovery.