PostNitro Carousel Generator

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent PostNitro carousel-generation helper, but users should notice that it uses a PostNitro API key, sends content to PostNitro, and may consume account credits.

This skill appears purpose-aligned and instruction-only. Before installing, verify the source, use a controlled PostNitro API key, and only submit content or URLs that you are comfortable sending to PostNitro and spending credits on.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the configured key through this skill can create PostNitro carousel jobs and use the associated account’s credits.

Why it was flagged

The skill requires delegated access to a PostNitro account via an API key, which is expected for this integration but still grants account-level API authority.

Skill content

Requires a PostNitro API key.

Recommendation

Use a dedicated PostNitro API key if available, keep it in environment variables only, and revoke or rotate it if the skill or environment is no longer trusted.

What this means

Unintended or repeated use could spend PostNitro credits or create unwanted carousel assets.

Why it was flagged

The documented API workflow initiates remote generation jobs and consumes credits. This is purpose-aligned, but it is a real account-affecting operation.

Skill content

POST /post/initiate/generate ... Credit cost: 2 credits per slide.

Recommendation

Confirm the requested topic, slide count, and output type before initiating generation, especially on paid or limited-credit accounts.

What this means

Private drafts, internal URLs, or confidential marketing content provided to the skill may be transmitted to PostNitro.

Why it was flagged

User-supplied text, article URLs, or X post URLs are sent to the external PostNitro API for processing. This is central to the skill but may involve sensitive content.

Skill content

`context` ... For `"text"`: text content. For `"article"`: article URL. For `"x"`: X post/thread URL.

Recommendation

Avoid sending confidential or non-public content unless PostNitro’s data handling terms are acceptable for that material.

What this means

Users have less provenance information for deciding whether this instruction set is officially maintained or trustworthy.

Why it was flagged

The skill does not include runnable code or an installer, but its package source is not identified, which matters because the skill asks users to configure a service API key.

Skill content

Source: unknown

Recommendation

Verify the skill against PostNitro’s official documentation or publisher information before configuring credentials.