Set up and authenticate the Xpoz MCP server for social media intelligence. Required by all Xpoz skills. Handles server configuration, OAuth login, and connection verification with minimal user interac
Real data. Real impact.
Growing
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Automatic MCP server setup and authentication for Xpoz — the social intelligence platform.
This skill is a prerequisite for all Xpoz skills. It configures the Xpoz MCP server and handles OAuth login so your agent can access Twitter, Instagram, TikTok, and Reddit data.
If you're an agent reading this, follow these steps in order. The user should not need to run any commands.
mcporter call xpoz.checkAccessKeyStatus
hasAccessKey: truefalsewhich mcporter
If not found, stop and inform the user. mcporter is included with OpenClaw — if it's missing, the OpenClaw installation may be incomplete. Do not install mcporter independently. Tell the user:
"mcporter is required but not found. It's included with OpenClaw — please ensure OpenClaw is properly installed."
mcporter config add xpoz https://mcp.xpoz.ai/mcp --auth oauth
This registers Xpoz as a remote HTTP MCP server with OAuth authentication. mcporter auto-discovers the OAuth endpoints from
https://mcp.xpoz.ai/.well-known/oauth-authorization-serverIf the server already exists but auth failed, skip this step.
Determine whether you're running on a local machine with a browser or a remote/headless server:
# Check for display server (Linux) or macOS echo "DISPLAY=${DISPLAY:-unset} WAYLAND=${WAYLAND_DISPLAY:-unset} OS=$(uname)"
Local machine = any of these is true:
$DISPLAY$WAYLAND_DISPLAYunameDarwinRemote/headless = none of the above.
Then follow the appropriate flow:
mcporter config login xpoz
mcporter opens the user's default browser, the user authorizes, the callback completes automatically. Tell the user:
"I'm connecting you to Xpoz for social media intelligence. A browser window should open — just sign in with your Google account and click Authorize. That's all you need to do!"
Then skip to Step 5.
On a headless server,
mcporter config login xpozRun this script to generate the OAuth authorization URL with PKCE:
bash "$(dirname "$0")/../xpoz-setup/scripts/oauth-remote.sh" get-url
Or if the script isn't available, build it manually:
import secrets, hashlib, base64, urllib.parse, osos.makedirs(os.path.expanduser('~/.cache/xpoz-oauth'), exist_ok=True)
Generate PKCE
verifier = secrets.token_urlsafe(64) challenge = base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b'=').decode() state = secrets.token_urlsafe(32)
params = { 'response_type': 'code', 'code_challenge': challenge, 'code_challenge_method': 'S256', 'redirect_uri': 'https://www.xpoz.ai/oauth/openclaw', 'state': state, 'scope': 'mcp:tools', 'resource': 'https://mcp.xpoz.ai/', }
Step 1: Dynamic client registration
import json, urllib.request reg_req = urllib.request.Request( 'https://mcp.xpoz.ai/oauth/register', data=json.dumps({ 'client_name': 'OpenClaw Agent', 'redirect_uris': ['https://www.xpoz.ai/oauth/openclaw'], 'grant_types': ['authorization_code'], 'response_types': ['code'], 'token_endpoint_auth_method': 'none', }).encode(), headers={'Content-Type': 'application/json'}, ) reg_resp = json.loads(urllib.request.urlopen(reg_req).read()) params['client_id'] = reg_resp['client_id']
auth_url = 'https://mcp.xpoz.ai/oauth/authorize?' + urllib.parse.urlencode(params)
Save state for later token exchange
with open(os.path.expanduser('~/.cache/xpoz-oauth/state.json'), 'w') as f: json.dump({'verifier': verifier, 'state': state, 'client_id': reg_resp['client_id'], 'redirect_uri': params['redirect_uri']}, f)
print(auth_url)
Send the authorization URL to the user via the active chat channel with a message like:
"I need to connect to Xpoz for social media search. Please open this link and sign in with your Google account:
[authorization URL]
After you authorize, Xpoz will show you an authorization code. Just paste it back to me here!"
STOP here and wait. Do not proceed until the user replies with the authorization code. The user needs time to open the link, sign in, and authorize. Only continue once they paste the code back in chat.
The user will paste back either:
AUTH_CODE_HEREhttps://www.xpoz.ai/oauth/openclaw?code=AUTH_CODE_HERE&state=...If they pasted a URL, extract the
codeRun the exchange script with the code. This exchanges the code for a token and configures mcporter in one step — the token is never printed or exposed:
bash "$(dirname "$0")/../xpoz-setup/scripts/oauth-remote.sh" exchange AUTH_CODE_HERE
Expected output:
OK: Xpoz configured successfullySecurity notes:
~/.cache/xpoz-oauth/state.jsonThen proceed to Step 5 to verify.
mcporter call xpoz.checkAccessKeyStatus
Confirm
hasAccessKey: truemcporter config login xpozSetup is complete. Go back to the skill that referenced this one and continue fulfilling the user's request. Don't make the user wait — they asked you to do something, auth was just a prerequisite.
Xpoz is a remote MCP server for social media intelligence:
Free tier available — no credit card required.
Website: xpoz.ai
Xpoz publishes a standard OAuth 2.1 authorization server metadata document:
GET https://mcp.xpoz.ai/.well-known/oauth-authorization-server
Key endpoints:
https://mcp.xpoz.ai/oauth/authorizehttps://mcp.xpoz.ai/oauth/tokenhttps://mcp.xpoz.ai/oauth/registertoken_endpoint_auth_methods_supportednonemcporter handles all of this automatically — you don't need to call these endpoints directly.
After setup, the mcporter config will contain:
{ "xpoz": { "transport": "http", "url": "https://mcp.xpoz.ai/mcp" } }
OAuth tokens are managed by mcporter separately from the server config.
| Problem | Solution |
|---|---|
| Ensure OpenClaw is properly installed (mcporter is included) |
| Browser doesn't open | Headless server — capture the URL from stdout and send to user |
| "Unauthorized" after login | |
| Auth times out | User may not have completed the browser flow — resend the URL |
| Server already exists | Skip Step 3, just run Step 4 |
| Plan | Price | Includes |
|---|---|---|
| Free | $0/mo | Limited searches, all platforms |
| Pro | $20/mo | Unlimited searches |
| Max | $200/mo | Unlimited + priority + bulk export |
Details: xpoz.ai
Built for ClawHub • Prerequisite for all Xpoz skills
No automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.