Skip to main content
Glama
MunhoLau

twitter-mcp-secure

by MunhoLau

Twitter MCP Server (Secure Fork)

Security-hardened fork of EnesCinr/twitter-mcp. Fixes sensitive content leakage in stderr logs.

This MCP server allows Clients to interact with X.com (Twitter).

Changes from upstream

  • Core fix: console.error no longer logs tweet content during normal post_tweet / search_tweets operations

  • Residual fix: error handlers sanitized — log only error.message, not the full error object (prevents API response payload leakage on errors)

Related MCP server: x-post-mcp

Security Review

A full security review identified and closed residual log-leak vectors. See PR #1 for details.

Quick Start

  1. Get API keys from Twitter Developer Portal

  2. Add this to Claude Desktop config:

{
  "mcpServers": {
    "twitter-mcp-secure": {
      "command": "node",
      "args": ["build/index.js"],
      "env": {
        "API_KEY": "your_key",
        "API_SECRET_KEY": "your_key",
        "ACCESS_TOKEN": "your_key",
        "ACCESS_TOKEN_SECRET": "your_key"
      }
    }
  }
}
  1. Restart Claude Desktop

Development

git clone https://github.com/MunhoLau/twitter-mcp-secure.git
cd twitter-mcp-secure
npm install && npm run build && npm start

Credit

Forked from EnesCinr/twitter-mcp

License

MIT

A
license - permissive license
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/MunhoLau/twitter-mcp-secure'

If you have feedback or need assistance with the MCP directory API, please join our Discord server