Tiktok Trend Radar

This skill appears to do what it says, but there are important issues to consider before installing: - Metadata mismatch: The registry claims no required env vars, yet the SKILL.md requires APIFY_TOKEN, INVIDEO_API_KEY, and CLAUDE_API_KEY (and likely credentials for Slack/webhooks). Treat this as a transparency problem — ask the publisher to update metadata to list required secrets. - Data exfiltration / privacy: The skill scrapes posts (text, authors, URLs, engagement) and sends that raw data to external services (Claude/OpenClaw, InVideo). If you care about user privacy, copyrighted content, or regulatory compliance, review whether sending scraped content to these services is acceptable. - Use least-privilege keys: If you proceed, create dedicated API credentials with the minimum scope and rate limits possible, not reuse personal or org-wide keys. - Test in isolation: Run the pipeline in a controlled environment (isolated account, test API keys) first to observe what data is transmitted and retained by downstream services. - Check terms of service and legality: Scraping TikTok/Instagram may violate their terms; ensure compliance and consider using official APIs where possible. - Ask for source or signed publisher: Because the skill is instruction-only and the registry source is 'unknown' with no homepage, request the full source or a trustworthy publisher record before wide deployment. - Referral links: The SKILL.md contains affiliate/referral URLs (Apify/InVideo). This is not necessarily malicious but is a signal to verify motivations and to avoid clicking untrusted links. If you need help: ask the publisher to provide an updated metadata manifest that lists required env vars and any webhook/notification credentials, and request a full review of the complete SKILL.md (untruncated) or source code before enabling autonomous use.