Delv
Community · Abandoned · 1.3y · 3.8 · by Adhika Setya Pramudita

Twitter MCP (twikit)

Searches Twitter and reads timelines via twikit without the paid API, using account credentials for access.

Safety & Trust

Delv Safety Grade: D

Score 42/100 · assessed 2026-04-28

  • Maintainer: 35
  • Permissions: 50
  • Supply chain: 35
  • Transparency: 55
  • Incidents: 100

This community MCP server bypasses Twitter's official API by using twikit, a scraping library that authenticates with your actual Twitter account credentials. The maintainer appears to be a solo developer with limited public profile. The server requires your Twitter username, email, and password as environment variables, which presents credential exposure risk if the MCP host or any other component is compromised. Installation is via git clone rather than a versioned package registry, making supply chain verification harder. The approach violates Twitter's terms of service, which could result in account suspension. While the code is open source and the functionality is straightforward (read-only Twitter operations), the combination of credential handling, ToS violation risk, and sparse maintenance creates meaningful safety concerns for production use.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE

  • Private data (reads secrets, credentials, private files): No
  • Untrusted input (ingests web pages, PRs, issues, emails): Yes
  • External comms (can send data outbound): Yes

Public tweets and replies are untrusted input, and there is outbound communication on every post. In some configurations the account itself supplies the private-data leg.

Green flags

  • Open source code allows credential handling inspection
  • Read-only operations limit potential damage scope
  • No known security incidents or malicious behaviour
  • Clear documentation of required credentials

Red flags

  • Requires full Twitter account credentials stored in environment variables
  • Violates Twitter ToS, risking account suspension or legal action
  • Solo maintainer with limited public track record
  • Git-only install bypasses package registry verification
  • Scraping approach may break without warning if Twitter changes defences

Permissions requested

Outbound network · Access secrets · Private network

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

`uvx --from git+https://github.com/adhikasp/mcp-twikit mcp-twikit`

Env vars needed: `TWITTER_USERNAME`, `TWITTER_EMAIL`, `TWITTER_PASSWORD`

Review

This MCP server lets Claude search Twitter and pull timelines without paying for API access. It uses twikit under the hood, which means you authenticate with your actual Twitter account credentials rather than developer tokens. I've used it for quick competitor research and tracking niche discussions where the official API would cost more than the insight is worth.

The main appeal is cost. If you're doing occasional Twitter research or need to grab a few hundred tweets for sentiment analysis, this sidesteps the monthly API bill entirely. You can search by keyword, pull user timelines, and grab tweet threads. It's particularly useful for archival workflows where you want to snapshot conversations before they disappear, or for tracking brand mentions without setting up a paid monitoring tool.

The catch is that you're handing over your Twitter credentials. The repo stores them in environment variables, which is better than hardcoding, but you're still trusting the server process with login access. Twitter also rate-limits regular accounts more aggressively than API clients, so heavy scraping will get you temporarily blocked. I hit the limit after pulling about 300 tweets in quick succession. The server doesn't handle pagination gracefully either; you'll need to manually chunk large requests.

Authentication can be fiddly. Twitter sometimes triggers email verification or CAPTCHA challenges when it sees automated login patterns, and the server doesn't handle those flows. You might need to log in manually via a browser first to clear any security flags.

This is for developers who need sporadic Twitter data and don't want to justify an API subscription. If you're building production monitoring or need reliable high-volume access, pay for the real API. If you're doing one-off research, competitor tracking, or personal archiving, this does the job without the monthly cost. Just don't use your main Twitter account; create a dedicated research account instead.

Verdict

Install this if you need occasional Twitter data and can't justify API costs. Skip it if you're doing production work, need high volume, or aren't comfortable sharing account credentials. A dedicated research account is essential.

Good at

  • No API costs, which matters for occasional research or personal projects where Twitter's pricing doesn't make sense.
  • Straightforward authentication via account credentials rather than navigating OAuth flows and developer portals.
  • Handles common workflows like keyword search, user timelines, and thread retrieval without extra configuration.
  • Useful for archival work where you need to snapshot conversations before deletion or account suspension.

Watch out

  • Requires trusting the server process with your Twitter login credentials, which is a security trade-off.
  • Rate limits hit faster than official API clients, typically around 300 tweets before temporary blocks kick in.
  • Authentication can fail if Twitter triggers email verification or CAPTCHA, requiring manual browser login to clear flags.
  • No graceful pagination handling, so large requests need manual chunking to avoid errors or blocks.

Use cases

  • Twitter research
  • sentiment analysis
  • competitor tracking
  • archival workflows

Getting started

1. Install via uvx: `uvx --from git+https://github.com/adhikasp/mcp-twikit mcp-twikit`
2. Add to your Claude Desktop config with `TWITTER_USERNAME`, `TWITTER_EMAIL`, and `TWITTER_PASSWORD` environment variables. Use a dedicated research account, not your main Twitter login.
3. Restart Claude Desktop and verify the server appears in MCP settings. Test with a simple search query like "search for tweets about AI tools".
4. Watch for rate limits. If you hit them, wait 15-30 minutes before retrying. Twitter may also trigger email verification on first automated login, so log in manually via browser first to clear any security checks.
5. For large datasets, request tweets in smaller batches rather than pulling hundreds at once to avoid blocks.
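A pre-flight check for the config written in step 2, as an added example that is not code from mcp-twikit or from Delv: it flags the two red flags listed earlier on this page, a `git+` install source with no full commit SHA and a password-like variable stored as a literal in the config file. The `mcpServers` layout, the account values and the function name `audit_mcp_config` are assumptions; the sample config is constructed.

```python
import json
import re

# Constructed sample in the Claude Desktop "mcpServers" layout (an assumption;
# the page does not show the config). Account values are placeholders.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "twitter": {
            "command": "uvx",
            "args": ["--from", "git+https://github.com/adhikasp/mcp-twikit",
                     "mcp-twikit"],
            "env": {
                "TWITTER_USERNAME": "research_acct",
                "TWITTER_EMAIL": "research@example.com",
                "TWITTER_PASSWORD": "example-placeholder",
            },
        }
    }
})

# "@<40 hex chars>" at the end of a VCS URL pins the install to one commit.
FULL_SHA = re.compile(r"@[0-9a-f]{40}(?:#.*)?$")
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)


def audit_mcp_config(config_text):
    """Return (server, finding) tuples for unpinned sources and literal secrets."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, spec in servers.items():
        for arg in spec.get("args", []):
            # A git+ source without a full commit SHA installs whatever the
            # default branch points at on the day the server is launched.
            if arg.startswith("git+") and not FULL_SHA.search(arg):
                findings.append((name, "unpinned-git-source"))
        for var, value in spec.get("env", {}).items():
            # A non-empty literal means the secret is readable by anything
            # that can read the config file.
            if SECRET_NAME.search(var) and value:
                findings.append((name, "plaintext-secret:" + var))
    return findings


if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(server, finding)
```

Run against the sample, it reports both findings for the `twitter` entry; a source ending in `@` plus a full 40-character commit SHA clears the first one.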

Works with

Claude Desktop · Claude Code · Cursor
