Phy Social Post

The skill's description matches a social-posting helper, but the runtime instructions require local Python code and API keys that are not declared in the registry metadata and no install or code is provided — this mismatch is concerning.

This skill's behavior is plausible for a social-posting helper, but there are important inconsistencies you should resolve before installing or using it: - The SKILL.md expects two API keys (POSTFORME_API_KEY, LATE_API_KEY) and a local Python package/virtualenv, but the registry metadata declares none of these. Ask the publisher to declare required env vars and provide an install script or the repository. - Because the instructions load a .env file, ensure that file only contains the minimal API keys needed for posting, and do not reuse high-privilege or unrelated credentials. Prefer creating limited-scope API keys on the provider dashboards. - The skill includes no bundled code or install steps. If you proceed, only run this in a controlled environment where you have the expected social_posting package (e.g., your own project repo). Do not run unknown Python code or scripts from untrusted sources. - Verify the external provider URLs (postforme.dev, getlate.dev) and that those services are trustworthy and provide the authorization flows you expect. If the publisher cannot provide a matching repository or manifest updates (declared env vars, install instructions, or bundled code), treat the skill as incomplete and avoid granting secrets or running its example scripts.