ReelClaw

This skill appears to implement the described reel-production pipeline, but there are multiple red flags you should check before installing or running it: - Clarify required credentials: the SKILL.md needs GEMINI_API_KEY and a DanSUGC API key/MCP (used for purchases, posting, analytics) but the registry metadata lists none. Do not provide keys until you confirm why each is required and what scope/permissions they need. - Billing/purchases: DanSUGC's purchase_videos tool deducts credits — ensure you understand pricing and that you trust the service before authorizing any purchase-capable key. - Data exfiltration/privacy: the skill uploads videos to Google's Gemini API and advises using tmpfiles.org to host public URLs. Uploaded media and derived analysis will leave your environment; avoid sending sensitive videos and review retention/privacy policies of those services. - Third‑party downloads: the font install fetches from a non-standard host (cufonfonts.com). Prefer official font sources or manual verification of downloaded files before running curl/unzip commands. - MCP raw proxy and scraping: the provided mcp__dansugc__scrapecreators_raw proxy can forward arbitrary scraping requests. Confirm intended use and limits to avoid unintended scraping or terms-of-service violations. - Least privilege & testing: if you try it, use scoped/test API keys, minimal balance, and a throwaway posting account. Run in a sandboxed environment and review all network calls and temporary files. If you need to proceed safely, ask the skill author for an updated manifest that accurately lists required env vars/binaries and for a list of exact endpoints the skill will call (and whether any keys are stored). If the author cannot provide that, treat the skill as higher risk and prefer manual execution of the provided commands after code review rather than granting an agent autonomous access.