x-mcp-server
Provides a Model Context Protocol (MCP) server over stdio (stdin/stdout) that exposes X/Twitter functionality as MCP tools, including basic user lookup, tweet retrieval/search, and (per README) posting with OAuth 1.0a/Bearer-token-style configuration via environment variables.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README claims HTTPS for all HTTP requests and that API credentials are never logged/exposed. Auth appears to be token-based (bearer/OAuth1.0a) without documented fine-grained MCP tool scopes or least-privilege controls. No mention of secret rotation, audit logging, or runtime protection against prompt/tool misuse.
⚡ Reliability
Best When
You want a lightweight MCP integration to query X data via standard tool calls from an MCP client, and you can manage X rate limits externally.
Avoid When
You need guaranteed idempotency for write operations, strong OAuth scoping controls, documented pagination/cursor handling, or a fully specified/typed API contract beyond the README.
Use Cases
- • Integrate X/Twitter search and read-only tweet/user data into any MCP-compatible AI agent
- • Build agent workflows that fetch user profiles, user timelines, and specific tweets
- • Prototype social listening or content research using MCP tool calls
- • Optionally post tweets from an agent (per README)
Not For
- • High-throughput production systems needing first-class rate-limit enforcement
- • Use cases requiring strong/role-based authorization beyond a single bearer token
- • Compliance-sensitive environments needing documented audit logging/controls
- • Teams that require stable pagination semantics and robust cursor-based iteration
Interface
Authentication
README presents configuration as environment variables for OAuth 1.0a credentials, while also mentioning a 'Simple Bearer Token Authentication' feature and a separate required env var table for X_BEARER_TOKEN. No fine-grained scopes/permissions model is documented for the MCP layer.
Pricing
No product pricing described; cost is primarily external (X API access/rate limits).
Agent Metadata
Known Gotchas
- ⚠ Server does not implement rate limiting (per README); agents must throttle to X API limits.
- ⚠ Pagination/cursor handling is not described; tools like search/timeline rely on max_results without documented iteration strategy.
- ⚠ Auth configuration appears potentially inconsistent in README (bearer token vs OAuth 1.0a env vars); verify which credentials the MCP server actually uses.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for x-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.