Viral App
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent viral.app CLI/API helper, but users should notice that it needs an API key and can perform high-impact account and payout mutations when asked.
Before installing, make sure you trust the `viral-app` CLI and provide only a suitably scoped API key. Treat payout initiation and other mutation commands as approval-required actions, and use this skill primarily for read/report workflows unless you explicitly intend to change viral.app data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a sufficiently privileged API key, the agent could create or modify viral.app resources and initiate payout-related actions when the user asks it to.
The skill documents commands that can change account/project resources and initiate creator payouts. This is disclosed and includes review-first guidance, but the actions are high impact.
Common mutations: ... `viral-app projects-create ...` ... Payout mutation flow: ... `viral-app payouts-initiate ...` ... Prefer review-first behavior for payout mutations unless the user explicitly asks to initiate or approve payouts.
Review any mutation or payout command before execution, prefer read-only reporting workflows by default, and use the least-privileged API key available.
The agent's access will be limited or expanded by the permissions attached to the provided viral.app API key.
The skill requires a viral.app API key, which is expected for this integration but may carry account-level permissions.
Required env vars: VIRAL_API_KEY; Primary credential: VIRAL_API_KEY
Use a scoped or read-only key where possible, keep the key out of chats and logs, and rotate it if exposure is suspected.
Users must trust the separately installed CLI, because this skill's artifacts do not define how that binary is obtained or verified.
The skill relies on an external `viral-app` binary but does not provide or pin an installation source in the supplied artifacts.
No install spec — this is an instruction-only skill.
Install `viral-app` only from the official or trusted source, verify its origin before use, and keep it updated.