Ultimate Flashcards / Podcasts Tutor
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill must provide an EchoDecks API key, which allows the skill to read account information and perform supported account actions.
The client sends the ECHODECKS_API_KEY as an authentication header to the EchoDecks API, granting the skill access to the user’s EchoDecks account.
"X-API-KEY": get_api_key()
Use an API key you are comfortable granting to this integration, revoke or rotate it when no longer needed, and consider limiting its scope if EchoDecks supports scoped keys.
If used, the skill can spend EchoDecks credits, create generated content, and alter spaced-repetition progress.
The tool set includes actions that consume credits and update study state. These actions are disclosed and purpose-aligned, but they have account impact.
echodecks_generate_cards ... *Cost: 10 credits.* ... echodecks_generate_podcast ... *Cost: 50 credits.* ... echodecks_submit_review ... Submit a spaced-repetition review for a card.
Confirm credit-spending generation and review-submission actions before running them, and verify deck/card IDs.
Text supplied for flashcard generation and account/deck identifiers are transmitted to EchoDecks.
The skill sends API requests, including user-provided topics or source text for card generation, to the external EchoDecks service.
BASE_URL = "https://echodecks.com/api/apps/68bc0769be6e58e1c8385b2b/functions/externalApi"
Avoid sending sensitive private material unless you trust EchoDecks’ handling of that data.