# Reading X/Twitter content when `xurl` is unavailable

Quick reference for the fallback paths that work (and the ones that no longer work) when the user shares an X link but `xurl` is not installed or authenticated.

## Primary path

If you need to read X posts regularly, install and authenticate `xurl` per the skill setup. This is the only reliable, structured path.

## Fallbacks tested (June 2026)

| Method | Status | Notes |
|---|---|---|
| `r.jina.ai/http://x.com/...` | ❌ Blocked | Anonymous access to `x.com` blocked by jina.ai due to abuse/DDoS detection. Error: `SecurityCompromiseError: Anonymous access to domain x.com blocked until ...` |
| `r.jina.ai/http://twitter.com/...` | ❌ Same block | Same abuse block. |
| Nitter instances (`nitter.privacydev.net`, `nitter.poast.org`, `xcancel.com`) | ❌ Mostly defunct | DNS failures, 503s, or rate-limited. Not a dependable fallback anymore. |
| `ghostarchive.org/archive/https://x.com/...` | ⚠️ Hit-or-miss | Returns 404 for many posts/articles. Worth a one-shot try only. |
| Direct `curl` to `x.com` post URL | ❌ Useless for text | HTML is client-side rendered; only OpenGraph metadata (title/description) is present. Article body is not in the initial HTML. |
| X guest API / GraphQL with bearer token | ❌ Fails | Returns 403/404. X now requires a real authenticated app/project for v2/GraphQL access. |

## What to do instead

If `xurl` is unavailable and the fallbacks above fail:

1. Ask the user to paste the post text.
2. Ask for a screenshot if the post is visual.
3. If the link points to an X Article (`/i/article/<id>`), ask the user to open it and copy the text — articles are fully behind the client-side app and not scrapable without auth.
4. Offer to set up `xurl` if the user wants ongoing X access.

## Anti-patterns

- Do **not** keep hammering `r.jina.ai` or Nitter instances in the same session — they are either blocked or down and will just waste iterations.
- Do **not** attempt to parse the logged-out X SPA JavaScript bundles for content — brittle, slow, and usually fails.
- Do **not** ask the user to paste credentials or tokens. The only legitimate auth path is the OAuth flow in the skill setup.
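
The steps under "What to do instead" and the first anti-pattern can be combined into one small routing helper. This is an added example, not part of the `xurl` skill: `classify`, `FallbackSession` and the returned strings are hypothetical names, the `www.`/`mobile.` host variants and the `/<user>/status/<id>` path shape are assumptions, and "one-shot" is interpreted as one ghostarchive attempt per link.

```python
import re
from urllib.parse import urlsplit

# x.com and twitter.com are from the page; the www./mobile. variants are assumed.
X_HOSTS = {"x.com", "www.x.com", "twitter.com", "www.twitter.com", "mobile.twitter.com"}
ARTICLE = re.compile(r"^/i/article/(\d+)/?$")                 # path form named on the page
STATUS = re.compile(r"^/[A-Za-z0-9_]{1,15}/status/(\d+)")     # assumed post URL shape


def classify(url):
    """Return (kind, id) where kind is 'article', 'post', 'other' or 'not_x'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    # Exact host match, so "x.com.evil.example" and "x.com@evil.example" are rejected.
    if parts.scheme not in ("http", "https") or host not in X_HOSTS:
        return ("not_x", None)
    m = ARTICLE.match(parts.path)
    if m:
        return ("article", m.group(1))
    m = STATUS.match(parts.path)
    if m:
        return ("post", m.group(1))
    return ("other", None)


class FallbackSession:
    """Hypothetical helper: remembers attempts so no fallback is retried."""

    def __init__(self):
        self.tried = set()

    def next_step(self, url):
        kind, item_id = classify(url)
        if kind == "not_x":
            return "not an X link"
        if kind == "article":
            # Articles sit behind the client-side app: go straight to the user.
            return "ask the user to open the article and copy the text"
        # Assumption: "one-shot" means one ghostarchive attempt per link.
        key = ("ghostarchive", url.strip())
        if key not in self.tried:
            self.tried.add(key)
            return "try ghostarchive once"
        return "ask the user to paste the post text, or a screenshot if visual"
```

The helper makes no network requests; it only decides what to do next, so the blocked and defunct methods in the table are never called.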
