This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Topics
+14 more
Affected surfaces
Summary
AI summaryUpdated endpoint counts, credit costs, and added security metadata.
Full changelog
Fixes
- Resolve all Socket & Snyk audit findings (version consistency, security metadata, endpoint counts)
- Surface 9 prompt injection mitigations + 11 payment guardrails in structured frontmatter metadata
- Add
contentIsolation,contentNeverDrivesToolSelection,autonomousPayment: false,storedCredentialCharges: false,fundTransfers: false,localFileAccess: none,localNetworkAccess: none - Declare
XQUIK_WEBHOOK_SECRETas optional env with per-webhook scope - Remove prompt injection scanner trigger phrase from defense example
- Fix stale endpoint counts (97, 120 → 122) across all files
- Add API key security guidance to MCP setup guide
- Fix dashboard URLs to
dashboard.xquik.comsubdomain - Update endpoint count 121 → 122 across registry and docs
- Update MPP endpoint count 16 → 32
- Update credit costs 2 → 1 for profiles & followers
- Optimize tool descriptions for Glama TDQS A-grade scoring
- Add verified sandbox constraints to tool descriptions
- Add Glama MCP server score badge and Smithery badge to README
- Add Apify actor status badge to README
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Xquik-dev/x-twitter-scraper
Remote X (Twitter) MCP server with 121 endpoints via 2 tools. Post tweets, reply, like, retweet, follow, DM, search, extract data, run giveaways, and monitor accounts. StreamableHTTP at xquik.com/mcp with API key auth.
Related context
Beta — feedback welcome: [email protected]