Use the Content3 Agent API to create short-form videos, manage content libraries, submit reviews for human approval, and draft social media posts.
v1.0.5Content3 API for creating videos, managing content, submitting reviews, and posting to social media.
⭐ 0· 924·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description (short-form video, content library, reviews, social posts) align with the runtime instructions in SKILL.md. The API endpoints shown match that purpose. However, the manifest lists no required credentials while the SKILL.md explicitly instructs storing and reading a Content3 API key — a documentation/manifest inconsistency.
Instruction Scope
SKILL.md instructs agents/users to create a local credentials file (~/.config/content3/api_key) and to run curl commands that send that key to https://api.content3.app. It also includes examples that reference external assets (e.g., object storage URLs) and social publishing. The instructions do not ask the agent to read unrelated local files, but they do require reading a local secrets file that wasn't declared in the manifest. Because the skill is instruction-only, there is no hidden code to inspect, but the agent will be making outbound network requests using the provided key.
Install Mechanism
No install spec and no code files — lowest install risk. The skill is instruction-only (curl examples). That reduces risk of arbitrary code being written/executed on disk, but does not eliminate risk from network actions performed by the agent using user-provided credentials.
Credentials
SKILL.md requires a Content3 API key (example prefix c3ak_) and documents scopes including write/publish and a '*' full-access scope. Yet the registry metadata declares no required environment variables or primary credential. This mismatch is potentially misleading. Because the API can create/modify content and post to social accounts, granting broad scopes (or '*') gives the skill the ability to publish or modify content — ensure keys have minimal necessary scopes and consider using a dedicated account.
Persistence & Privilege
The skill is not always-included and does not request or claim any special platform-level privileges. It asks the user to store a local API key file, which is normal for API-based skills, but it does not modify other skills or system-wide settings. Note: the platform default allows autonomous invocation; combined with broad API scopes this could increase impact, but that combination is a consequence of user-granted key scopes rather than the skill requesting elevated platform privileges.
What to consider before installing
This is an instruction-only skill that uses the Content3 API and expects you to create and store an API key locally, but the registry metadata doesn't declare that credential — treat that as a red flag. Before installing: (1) Verify the publisher and the Content3 developer homepage (https://content3.app/developers). (2) Create an API key with the minimal scopes needed (avoid '*' or broad write/publish scopes if you only need read/generate). (3) Use a dedicated Content3 account for testing, not a high-privilege production account. (4) Store keys securely (not world-readable), and be prepared to rotate/revoke the key if unexpected activity occurs. (5) Remember that, even without embedded code, the agent will perform network calls using your key and can create/publish content — only proceed if you trust the service and the requested scopes. (6) Ask the publisher to update the skill metadata to explicitly declare the required credential so the manifest matches runtime instructions.Like a lobster shell, security has layers — review code before you run it.
latestvk972sgeh69xgypftcpk5x8ecvx81dm24
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis