TokPortal

v1.0.0

Automate TikTok and Instagram at scale with account creation, video distribution, content uploads, and detailed analytics using 30 AI-native tools via TokPor...

⭐ 3· 745·0 current·0 all-time

by@naybu256

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Name/description, required env var (TOKPORTAL_API_KEY), and the exposed tools (account creation, video upload, analytics, retrieval of delivered account credentials and verification codes) are consistent: the API key and MCP helper package are the expected control surfaces for this purpose.

Instruction Scope

Runtime instructions ask you to install/run an MCP server (tokportal‑mcp via npm/npx), modify your OpenClaw config (~/.openclaw/openclaw.json) or set TOKPORTAL_API_KEY env var, and permit uploads of local video/image files (which become public URLs). The skill also retrieves full account credentials and verification codes from the service. Those actions are coherent with the stated purpose but present real data‑exposure and credential‑handling surface (possible exfiltration of local files or delivered credentials) that the SKILL.md does not warn about or constrain.

ℹ

Install Mechanism

There is no registry install spec, but SKILL.md recommends installing or running the third‑party npm package tokportal‑mcp (npm install -g / npx). Installing/running npm packages (especially via npx which downloads and executes on demand) is a common but moderate‑risk vector — the MCP package will run code on your machine and handle your API key. The package is hosted on npm (traceable) rather than an arbitrary URL, but you should review its source and trustworthiness before executing.

✓

Credentials

Only one primary credential (TOKPORTAL_API_KEY) is required and that aligns with the described API usage. There are no unrelated environment variables or config paths requested. However, storing the key in a shared OpenClaw config or passing it to an MCP process increases exposure surface and should be treated carefully.

✓

Persistence & Privilege

The skill is not marked always:true and does not request system‑wide changes beyond adding itself to the agent's OpenClaw/MCP config. It does instruct adding an entry to ~/.openclaw/openclaw.json or MCP configs (normal for enabling a skill) but does not request modification of other skills or global credentials.

What to consider before installing

This skill appears to do what it says — automate TokPortal tasks — but it has practical risks you should review before enabling. Specifically: (1) tokportal‑mcp is an npm package you will install/run (npx will download and execute code); review its npm page and source, and only run it from a trusted maintainer. (2) The skill uploads local files (video/image) to produce public URLs — do not let it upload sensitive or private files. (3) The service returns delivered account credentials and 2FA/verification codes; consider the legal/abuse implications of bulk account creation and protect those credentials. (4) Avoid placing your API key in shared configs if other users/processes can read them; prefer a least‑privilege key and rotate it if you suspect misuse. (5) If you need stronger assurance, ask the publisher for the tokportal‑mcp source repository and audit it or run it in an isolated sandbox/container. Proceed only if you trust TokPortal and the npm package maintainers.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis

EnvTOKPORTAL_API_KEY

Primary envTOKPORTAL_API_KEY

latestvk97bxh9ee4s4rgr4s91bh6wn69814nrx

745downloads

3stars

1versions

Updated 8h ago

v1.0.0

MIT-0

TokPortal

Manage mass social media account creation, video distribution, and analytics via the TokPortal platform. This skill exposes 30 tools through a dedicated MCP server, giving your AI agent full control over TikTok and Instagram operations at scale.

Setup

1. Get your API key

2. Install the MCP server

The recommended way to use TokPortal with OpenClaw is via the MCP server:

npm install -g tokportal-mcp

3. Configure OpenClaw

Add to your ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "tokportal": {
        "enabled": true,
        "apiKey": "tok_live_your_key_here"
      }
    }
  }
}

Or set the environment variable:

export TOKPORTAL_API_KEY="tok_live_your_key_here"

4. Add MCP server config

Add to your MCP configuration (Cursor .cursor/mcp.json or Claude Desktop claude_desktop_config.json):

{
  "mcpServers": {
    "tokportal": {
      "command": "npx",
      "args": ["-y", "tokportal-mcp"],
      "env": {
        "TOKPORTAL_API_KEY": "tok_live_your_key_here"
      }
    }
  }
}

Available Tools (30)

Info (6 tools)

get_me — Your profile, credit balance, and API key info
get_credit_balance — Detailed balance with expiration dates
get_credit_history — Transaction history (paginated)
get_countries — Available countries for account creation
get_platforms — Supported platforms (TikTok, Instagram) with features
get_credit_costs — Full credit cost grid for all actions

Bundles (8 tools)

create_bundle — Create a bundle (account only, account + videos, or videos only)
create_bulk_bundles — Performance Max: create multiple bundles at once
list_bundles — List bundles with status/platform filters
get_bundle — Full bundle state including account config and videos
publish_bundle — Publish a configured bundle (goes live to account managers)
unpublish_bundle — Pull a bundle back to draft
add_video_slots — Add video slots to an existing bundle (2 credits/slot)
add_edit_slots — Add editing slots (3 credits/slot)

Account Configuration (4 tools)

get_account_config — View current account setup
configure_account — Set username, display name, bio, profile picture
finalize_account — Approve an account that is in review
request_account_corrections — Request fixes on specific fields

Videos (6 tools)

list_videos — List all videos in a bundle
configure_video — Set up a single video (caption, publish date, media URL, sound settings)
batch_configure_videos — Configure multiple videos at once
finalize_video — Approve a video in review
request_video_corrections — Request fixes on a video
unschedule_video — Cancel a scheduled video

Delivered Accounts (3 tools)

list_accounts — List your delivered accounts with filters
get_account_detail — Full credentials + TokMail email for an account
get_verification_code — Retrieve the latest 6-digit verification code

Analytics (4 tools)

get_analytics — Followers, views, engagement rate, and more
refresh_analytics — Trigger an analytics refresh (48h cooldown, 500/month quota)
can_refresh_analytics — Check if a refresh is available
get_video_analytics — Per-video analytics (views, likes, engagement)

Uploads (2 tools — MCP only)

upload_video — Upload a local video file, returns a public URL
upload_image — Upload a local image file (for carousels or profile pictures)

Example Workflows

Create a TikTok account with 5 videos

"Create a TikTok bundle in the US with 5 videos and niche warming for fitness content"

The agent will call create_bundle with the right params, then guide you through account and video configuration.

Check your account analytics

"Show me the analytics for all my delivered accounts"

The agent will call list_accounts, then get_analytics for each.

Bulk video distribution

"Create 10 TikTok accounts in France with 3 videos each"

Uses create_bulk_bundles (Performance Max) to create all bundles in one call.

API Reference

Base URL: https://app.tokportal.com/api/ext
Auth: X-API-Key header
Rate limit: 120 requests/minute per API key
Full docs: developers.tokportal.com

Credit System

TokPortal uses a credit-based model (1 credit = $1):

Account creation: 5-8 credits depending on country
Video upload: 2 credits per video
Niche warming: 7 credits
Deep warming (Instagram): 40 credits
Comment moderation: 25 credits
Video editing: 3 credits per edit slot

Support

Documentation: developers.tokportal.com
Support: team@tokportal.com
npm package: tokportal-mcp

Comments

Loading comments...