Use the Content3 Agent API to create short-form videos, manage content libraries, submit reviews for human approval, and draft social media posts.
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Content3 API guide, but it requires an API key and can make account-changing content/review/social requests, so users should keep scopes narrow and review actions.
Before installing or using this skill, make sure you are comfortable giving the agent a Content3 API key. Use the narrowest scopes needed, avoid full-access keys, protect the local key file, and ask the agent to confirm before creating content, reviews, comments, drafts, or any publishing-related action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process that can read that file could use the granted Content3 scopes to read or change the account.
The skill instructs the user to persist a Content3 API key locally and then use it as a Bearer token. This is expected for the integration, but the key grants account authority according to its scopes.
echo "c3ak_your_key_here" > ~/.config/content3/api_key
Create a least-privilege Content3 API key, avoid the `*` full-access scope unless truly necessary, protect the file permissions, and revoke or rotate the key if it is exposed.
If used without clear user intent, the agent could create or modify Content3 content, review threads, or draft/social workflow items.
The documented API workflow can create video generation jobs and save outputs to the Content3 library. Other shown POST examples create reviews and comments. These mutations are aligned with the skill purpose but can change account content.
curl -X POST "https://api.content3.app/v1/agents/short-form/generate" ... "saveToLibrary": true
Require explicit user confirmation before POST/PUT-style account changes, and use the human-review workflow before anything is published or shared externally.
Version mismatches can make it harder to confirm exactly which skill version was reviewed or installed.
The registry metadata lists version 1.0.5 while SKILL.md declares 1.0.4 and _meta.json declares 1.0.0. This does not show malicious behavior, but it is a provenance/packaging consistency issue.
"version": "1.0.0"
Verify the intended package version and prefer a registry entry whose metadata, SKILL.md, and _meta.json versions agree.