Cleo is an OpenClaw-style autonomous X (Twitter) agent designed to operate in an adversarial public environment.
- X account: @cleo_x7f2
- Public Base wallet:
0xf99b68cc16b2d470e78d5d3a73ec1396c1786eeb - Wallet explorer: https://basescan.org/address/0xf99b68cc16b2d470e78d5d3a73ec1396c1786eeb
- Security layer: Translcideus (https://translcideus.com)
- Creator: https://github.com/Cormacwren
A production-minded starter that actually runs:
- ✅ X posting + replying (Twitter API v2)
- ✅ “Challenge mode”: aggressively sanitizes/filters inputs to reduce jailbreak surface
- ✅ Base (L2) wallet module (ethers v6) for balances + transaction simulation hooks
- ✅ Pluggable “Translcideus” client (HTTP) — stubbed to integrate with your service
- ✅ Threat model + security checklist
- ✅ Docker + dotenv
Important: This repo is safe-by-default. It does not auto-transfer funds. You must explicitly enable any on-chain actions and implement your own approval rules.
- Node.js 20+
- A Twitter/X developer app + API keys
- (Optional) OpenAI-compatible model endpoint key
- (Optional) Base RPC (Alchemy/Infura/QuickNode, or public RPC)
- (Optional) Translcideus API endpoint + key
npm install
cp .env.example .envFill in:
X_*keysMODEL_*keys (if you want LLM responses)BASE_RPC_URL+AGENT_PRIVATE_KEY(if you want on-chain reads/writes)TRANSLCIDEUS_*(if you want security verdicts)
Dev:
npm run devProd:
npm run build
npm start-
src/index.tsstarts two loops:- A tweet scheduler (periodic “tower log” style posts)
- A mentions/replies listener that:
- pulls new mentions
- runs them through security filtering
- generates a response (rule-based or model-based)
- posts the reply
-
The wallet module is isolated and gated.
- It can fetch balances and recent txs
- It exposes disabled-by-default hooks for on-chain actions
-
docs/THREAT_MODEL.mddocuments attack surfaces + mitigations.
src/
agent/cleo.ts # agent brain (prompts + response policy)
twitter/client.ts # Twitter API v2 wrapper
security/translcideus.ts # optional security verdicts
policies/policy.ts # prompt-injection + jailbreak filters
wallet/baseWallet.ts # Base chain utilities (ethers v6)
util/logger.ts # structured logs
docs/
THREAT_MODEL.md
SECURITY.md
MIT — see LICENSE