Transistor FM
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward Transistor.fm API guide, but it uses an account API key and includes actions that can publish or change podcast content.
Install only if you intend to let the agent help manage your Transistor.fm account. Keep the API key protected, and require explicit review before publishing, scheduling, updating, or deleting podcast content.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could publish or schedule podcast content before the user intends.
The skill documents API calls that can publish podcast episodes. This is central to the stated purpose and is presented as an explicit workflow, but it is still a public/content-changing action.
curl -s "$BASE/episodes/EPISODE_ID/publish" -X PATCH -H "x-api-key: $KEY" -d "episode[status]=published"
Confirm episode IDs, titles, audio, and publish timing before allowing publish or schedule requests.
Anyone or any agent with access to the API key may be able to read podcast data and perform account actions allowed by that key.
The skill requires an account API key, while the registry metadata does not declare a primary credential or required environment variable. The credential use is expected for the Transistor.fm API, but users should notice the account authority being granted.
Transistor.fm API key ... Store as environment variable `TRANSISTOR_API_KEY` or retrieve from a secrets manager
Use a dedicated/revocable API key if available, store it in a secrets manager or environment variable, and avoid pasting it into prompts or logs.