X Bot Detector

Detects bot accounts and botted posts on X using XHR interception and multi-signal heuristic analysis.

X Bot Detector checks tweets and accounts on X (formerly Twitter) for bot activity and AI-written content. It runs 36 heuristic signals, 9 swarm-detection checks and 15 AI text signals. Everything happens locally in your browser. No data leaves your device and there are no API keys to set up. HOW IT WORKS The extension reads X's own internal GraphQL API responses, the same data the X website uses to draw your feed. That gives it real account metadata: creation dates, follower counts, posting-source apps and list memberships. It's far more accurate than guessing from the page alone. WHAT IT DETECTS Account checks: account age, follower-to-following ratio, posting rate, list memberships, like activity, default profiles, username patterns, display-name spam, bio spam, media ratio and follow-limit behavior. Content checks: hashtag stuffing, spam and scam keywords, emoji abuse, mention bombing, shortened or suspicious links, low text variety and templated copy. Engagement checks: ratios that point to bought likes, views or reposts, plus generic reply-farming and thin vocabulary. Source checks: known bot frameworks and automation tools spotted in the posting-client field. Timing checks: posting that's too regular to be human, plus rapid-fire bursts. REPLY SWARM DETECTION When a pile of replies lands on one post, the extension groups them and looks for coordination: near-identical wording, bot-style usernames, floods of generic replies, clusters of brand-new accounts, default avatars, low-reputation repliers, automation tools, accounts all created in the same week and the same link posted over and over. That's the kind of thing you'd never catch one tweet at a time. AI TEXT DETECTION This part is separate from the bot score. It flags tweets that read like a large language model wrote them (ChatGPT, Claude, Gemini and the like) using two angles. Language patterns: telltale phrases like "it's important to note", "delve into" and "in the realm of", corporate AI buzzwords, bulleted or numbered structure, dodged contractions and heavy hedging. Clearly casual, human writing pulls the score back down. Statistical fingerprint: em dash and semicolon habits, comma density, how much sentence length varies, word complexity, punctuation consistency, clause structure and passive voice. Flagged tweets get their own violet "AI Text" badge next to any bot badge. So you can tell a bot account from a real person posting AI-written text from a plain organic post. SCORING Every tweet gets a weighted score: - 70% and up: Likely Bot (red badge) - 40 to 69%: Suspicious (amber badge) - 20 to 39%: Mild Signals (blue badge) - Under 20%: Clean (no badge) Reply swarms get a pulsing purple badge. AI text gets a violet one. A small tag reads "API" (green) when the score used full intercepted data or "DOM" (grey) when it fell back to reading the page. WHAT'S NEW IN v3.3.0 - Smarter scoring. One strong signal no longer gets watered down by weaker ones, so clear-cut bots stop slipping through. - Fewer false alarms. A "Likely Bot" verdict now needs real backup (a smoking-gun signal or evidence from more than one category), so an eager new account that follows lots of people won't get tarred as a bot. - Fair handling of reposts. Spam or AI text in a retweet now counts against the original author instead of whoever reposted it. - Account age feeds into the reputation check. A brand-new account with few followers isn't treated like a seasoned mass-follow bot. - Verification stops being a free pass. A checkmark or an old account won't rescue something that trips several strong bot signals. - Reliability fixes. Saved timing and AI data now survive page reloads, and AI detection re-runs once the full tweet text loads. 100% private. Zero data collection. No outside calls. It all stays in your browser.