Neta Creative

This skill appears to do what it says (drive a Neta CLI to generate media), but there are a few mismatches you should reconcile before installing or using it: - SKILL.md expects a NETA_TOKEN but the registry metadata does not declare any required environment variables. Treat that as a red flag: confirm where the token is used/stored and whether it is necessary for your intended use. Do not supply high‑privilege credentials unless you verify the service. - The skill asks you to install @talesofai/neta-skills globally via npm/pnpm and to use neta-cli. Verify the package and neta-cli packages on the official npm registry (check publisher, download counts, repository, and recent release notes). If possible, install in an isolated environment (container or VM) or review the package source before running. - Because this is instruction-only, the skill will tell your agent to run CLI commands. That is expected, but means the real security surface is the external CLI/package. Ensure the CLI is trustworthy and that the token you supply is scoped minimally (least privilege) and revocable. - If you plan to cache outputs locally (examples use character_cache/...), keep privacy in mind and avoid storing sensitive tokens in those files. Prefer ephemeral tokens or auditing of network calls if possible. If you want to proceed: ask the publisher for the canonical package repository URL, confirm the exact permission scope of NETA_TOKEN, and request the registry metadata be updated to declare NETA_TOKEN as a required environment variable (or remove the requirement from SKILL.md) so the manifest and instructions align.