Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Publora Facebook

v1.2.1

Post or schedule content to Facebook Pages using the Publora API. Use this skill when the user wants to publish or schedule Facebook posts via Publora.

by Sergey Bulaev @sergebulaev
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly describes posting/scheduling to Facebook via the Publora API (uses endpoints under https://api.publora.com and an x-publora-key header). That purpose is consistent with the skill name/description, but the registry metadata declares no required environment variables or primary credential even though the runtime instructions expect an API key (sk_YOUR_KEY). The omitted credential declaration is an incoherence.
Instruction Scope
The instructions are concrete and limited to calling Publora endpoints, creating posts, requesting upload URLs, and PUT-ing media to the returned uploadUrl. They refer to a separate 'publora' core skill for auth. The doc does not instruct reading local files or other unrelated secrets, but it is vague about how imageBytes are obtained and about how the API key is supplied. The uploadUrl step means the agent will PUT bytes to a third-party URL returned by the API (expected for media uploads but worth noting).
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by an installer in this package. This is low-install risk.
Credentials
Runtime examples use an x-publora-key API key, but the skill metadata lists no required env vars or primary credential. That mismatch is problematic: the skill will need a Publora API key (and that key allows posting/scheduling on behalf of connected Pages) but the package does not declare it, so a user or agent may be prompted unexpectedly for a sensitive credential. No other unrelated credentials are requested, which is appropriate.
Persistence & Privilege
The skill does not request always:true, does not install components, and does not request system-level config paths. It appears not to request persistent elevated privileges.
What to consider before installing
  • The SKILL.md expects a Publora API key (x-publora-key) but the skill metadata does not declare any required environment variable or primary credential. Expect the agent to ask you for that key at runtime — treat it as sensitive.
  • Verify the skill's provenance: there is no homepage and the owner is unknown. Prefer skills with a clear vendor/homepage and documented API ownership before giving credentials.
  • Understand what the key can do: a Publora API key granted to this skill can create and schedule posts and upload media for Pages. If possible, obtain a scoped/restricted key or test account rather than using high-privilege production keys.
  • Media uploads use an uploadUrl returned by the API (likely cloud storage). Confirm where those upload URLs point (S3, CDN, etc.) and do not upload sensitive content unless you trust Publora's storage and retention policies.
  • The SKILL.md references a separate 'publora' core skill for auth. If that core skill is not present on your agent, ask the publisher how authentication should be provided and where the key will be stored.
  • Test with non-sensitive content first (e.g., a test Page or draft posts) to confirm behavior and limits.
  • If you choose to install/use this skill, monitor Page activity and audit tokens; revoke or rotate the Publora key if you see unexpected posts.

Additional information that would raise confidence: a valid homepage or vendor documentation, an explicit required environment variable (e.g., PUBLORA_API_KEY) and primaryEnv declaration, or a published 'publora' core skill dependency with clear auth flow. Without those, treat this skill as functional but under-specified and proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

643 downloads
0 stars
4 versions
MIT-0

Publora — Facebook

Facebook platform skill for the Publora API. For auth, core scheduling, media upload, and workspace/webhook docs, see the publora core skill.

Base URL: https://api.publora.com/api/v1
Header: x-publora-key: sk_YOUR_KEY
Platform ID format: facebook-{pageId}

If you manage multiple Pages, each Page gets its own platform ID.

Requirements

  • A Facebook Page (not a personal profile) connected via OAuth
  • Page admin permissions granted during OAuth

Platform Limits (API)

⚠️ API video limits are significantly stricter than native.

| Property | API Limit | Notes |
|---|---|---|
| Text (API) | Up to 63,206 characters | Publora frontend editor caps at 2,200; API itself has no lower limit |
| Images | Up to 10 × 10 MB | JPEG, PNG, GIF, BMP, TIFF; WebP auto-converted to JPEG |
| Video | 45 min / 512 MB (Publora server limit) | FB natively allows 2 GB — Publora caps at 512 MB |
| Reels duration | 3–90 seconds | Pages only; 30/day |
| Reels rate limit | 30 Reels/day/Page | |
| Reels posting | Pages only (not profiles) | |
| Text only | ✅ Yes | |

Token management: Facebook page tokens expire after 59 days. Publora auto-refreshes them, but if the refresh fails silently (permission changes), posts will fail without a clear token error. In that case, reconnect the Page in the dashboard.

Common errors:

  • Error 1363026 — video over 45 min → trim
  • Error 1363023 — file over 2 GB (Publora's 512 MB limit kicks in first)
  • Error 1363128 — Reels duration outside 3–90s range

Posts under 80 characters get 66% more engagement on Facebook.

Post a Text Update

await fetch('https://api.publora.com/api/v1/create-post', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
  body: JSON.stringify({
    content: 'Exciting news from our team! We just launched a new feature. Check it out at publora.com 🎉',
    platforms: ['facebook-123456789']
  })
});

Schedule a Post

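await fetch('https://api.publora.com/api/v1/create-post', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
  body: JSON.stringify({
    content: 'Your Facebook Page update',
    platforms: ['facebook-123456789'],
    scheduledTime: '2026-03-20T13:00:00.000Z' // ISO 8601 timestamp, UTC
  })
});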

Post with Image

// Step 1: Create post
const post = await fetch('https://api.publora.com/api/v1/create-post', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
  body: JSON.stringify({
    content: 'Check out our latest product photo!',
    platforms: ['facebook-123456789']
  })
}).then(r => r.json());

// Step 2: Get upload URL
const upload = await fetch('https://api.publora.com/api/v1/get-upload-url', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
  body: JSON.stringify({
    postGroupId: post.postGroupId,
    fileName: 'photo.jpg',
    contentType: 'image/jpeg',
    type: 'image'
  })
}).then(r => r.json());

// Step 3: Upload (imageBytes holds the raw image data, e.g. a Buffer, Uint8Array or Blob)
await fetch(upload.uploadUrl, {
  method: 'PUT',
  headers: { 'Content-Type': 'image/jpeg' },
  body: imageBytes
});
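
The image flow above with the checks the scan results point to, as an added example that is not part of the original SKILL.md: the key is read from the environment, and the returned uploadUrl is validated before any bytes are sent to it. The variable name PUBLORA_API_KEY, the allow-listed host uploads.example.com and the reading of "10 MB" as 10 MiB are assumptions.

```javascript
// Added example, not Publora's own code. Pre-flight checks for steps 2-3.
const MAX_IMAGE_BYTES = 10 * 1024 * 1024; // "Up to 10 × 10 MB", read as MiB (assumption)
const IMAGE_TYPES = new Set(['image/jpeg', 'image/png', 'image/gif',
                             'image/bmp', 'image/tiff', 'image/webp']);

// Read the key from the environment instead of hard-coding it in source.
// PUBLORA_API_KEY is an assumed variable name; the skill declares none.
function getApiKey(env = process.env) {
  const key = env.PUBLORA_API_KEY;
  if (!key) throw new Error('PUBLORA_API_KEY is not set');
  return key;
}

// Reject upload URLs that are not HTTPS, embed credentials, or point at a
// host outside the allow-list. Returns the parsed URL on success.
function checkUploadUrl(uploadUrl, allowedHosts) {
  const u = new URL(uploadUrl);
  if (u.protocol !== 'https:') throw new Error('upload URL must use https');
  if (u.username || u.password) throw new Error('upload URL carries credentials');
  const ok = allowedHosts.some(h => u.hostname === h || u.hostname.endsWith('.' + h));
  if (!ok) throw new Error('unexpected upload host: ' + u.hostname);
  return u;
}

// Check one image against the documented limits before uploading it.
function checkImage(bytes, contentType) {
  if (!IMAGE_TYPES.has(contentType)) throw new Error('unsupported type: ' + contentType);
  if (bytes.byteLength > MAX_IMAGE_BYTES) throw new Error('image exceeds 10 MB');
}

// Step 3 with the checks applied. The x-publora-key header belongs only on
// requests to api.publora.com; it is never sent to the storage host.
// allowedHosts example (placeholder): ['uploads.example.com']
async function putImage(uploadUrl, bytes, contentType, allowedHosts) {
  checkImage(bytes, contentType);
  const target = checkUploadUrl(uploadUrl, allowedHosts);
  const res = await fetch(target, {
    method: 'PUT',
    headers: { 'Content-Type': contentType },
    body: bytes
  });
  if (!res.ok) throw new Error('upload failed: HTTP ' + res.status);
  return res.status;
}
```

Replace the placeholder host with the storage host your own upload URLs actually resolve to before relying on the allow-list.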

Post a Reel (3–90 seconds)

Use the same flow but upload a short video file. Reels are posted to Pages only.

Platform Quirks

  • Pages only — personal profiles are not supported via the Facebook Graph API
  • Multiple pages — each Page has a separate platform ID; include multiple facebook-{pageId} in platforms array to post to several at once
  • Video limit: 45 min / 512 MB (Publora server cap — FB natively allows 2 GB; Publora's limit kicks in first)
  • Reels: Must be 3–90 seconds; Pages only; 30/day per Page
  • Images only in multi-media: Multiple videos in one post are not supported — they'll go through the photo path incorrectly. Use one video per post.
  • No mixed media: Images + video in same post will fail at Facebook API level (Publora doesn't pre-validate this for Facebook)
  • WebP auto-converted to JPEG — no action needed
  • 59-day token: Publora auto-refreshes page tokens; reconnect the Page in the dashboard if you see unexplained posting failures
  • Link previews: Including a URL in text triggers Facebook's auto link preview — not controllable via API
  • Rate limit formula: 200 × users/hour
