Publora Threads
v2.0.1Post or schedule content to Threads using the Publora API. Use this skill when the user wants to publish or schedule a Threads post via Publora.
⭐ 0· 721·1 current·1 all-time
bySergey Bulaev@sergebulaev
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md is narrowly focused on posting/scheduling to Publora's Threads API and the examples match that purpose. However, the instructions explicitly require an API key header (x-publora-key: sk_YOUR_KEY) and reference a separate 'publora' core skill for auth, yet the skill metadata lists no required environment variables or primary credential. Requiring an API key is reasonable for this purpose, but failing to declare it in metadata is an inconsistency.
Instruction Scope
Runtime instructions are limited to calling https://api.publora.com and uploading media to presigned upload URLs (S3 PUT to upload.uploadUrl). The instructions do not ask the agent to read files outside media to upload, nor to access unrelated system paths. The only scope issue is that the SKILL.md implicitly expects the agent to have access to the Publora API key (via a core 'publora' skill or env var) which is not declared here.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or installed by the skill bundle itself.
Credentials
The examples require a secret API key header (sk_... style) but the skill metadata does not declare any required env vars or a primary credential. That omission is problematic: the agent will need a secret to operate but the skill does not document how that secret is provided or stored. Additionally, presigned upload URLs will accept uploaded media—this is expected for media posts but worth noting since it sends user data to external endpoints.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform presence, and does not claim to modify other skills or system configuration. Autonomous invocation is allowed (platform default), which is normal for skills.
What to consider before installing
This skill appears to implement exactly what it says (posting/scheduling to Publora) but it omits a clear declaration of the API credential it needs. Before installing or enabling it: 1) Verify how your agent will supply the Publora API key (ask the publisher to declare a required env like PUBLORA_API_KEY or document usage of a separate 'publora' core skill). 2) Only provide a Publora key you trust—prefer a limited-scope or test account key for initial use. 3) Understand that media will be uploaded to presigned URLs (S3) and content will be sent to api.publora.com; confirm this matches your privacy/compliance needs. 4) If you cannot confirm where the key is stored or how it's protected, treat the missing credential declaration as a red flag and request clarification from the publisher before proceeding.Like a lobster shell, security has layers — review code before you run it.
latest
Sergey Bulaev@sergebulaev
DownloadPublora — Threads
Threads platform skill for the Publora API. For auth, core scheduling, media upload, and workspace/webhook docs, see the publora core skill.
Base URL: https://api.publora.com/api/v1
Header: x-publora-key: sk_YOUR_KEY
Platform ID format: threads-{accountId}
⚠️ Temporary Restriction — Thread Nesting Unavailable
Multi-threaded nested posts are temporarily unavailable on Threads due to Threads app reconnection status.
This means: content over 500 characters that would normally auto-split into connected reply chains does not work right now.
What still works normally:
- Single posts (text, images, videos, carousels)
- Standalone posts under 500 characters
Contact support@publora.com for updates on when thread nesting will be restored.
Platform Limits (API)
| Property | API Limit | Notes |
|---|---|---|
| Text | 500 characters | 10,000 via text attachment |
| Images | Up to 10 × 8 MB | JPEG, PNG; WebP auto-converted |
| Video | 5 min / 500 MB | MP4, MOV; 1 per post |
| Max links | 5 per post | — |
| Hashtags | Max 1 per post | More than 1 may be ignored or rejected |
| Text only | ✅ Yes | — |
| Threading (nested) | ⚠️ Temporarily unavailable | See above |
| Rate limit | 250 posts/24hr | 1,000 replies/24hr |
Post a Single Thread
await fetch('https://api.publora.com/api/v1/create-post', {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
body: JSON.stringify({
content: 'Building in public is the best marketing strategy. Here\'s why 👇',
platforms: ['threads-17841412345678']
})
});
Schedule a Post
body: JSON.stringify({
content: 'Your Threads post here',
platforms: ['threads-17841412345678'],
scheduledTime: '2026-03-20T10:00:00.000Z'
})
Post with Image
// Step 1: Create post
const post = await fetch('https://api.publora.com/api/v1/create-post', {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
body: JSON.stringify({
content: 'Caption for your image post',
platforms: ['threads-17841412345678']
})
}).then(r => r.json());
// Step 2: Get upload URL
const upload = await fetch('https://api.publora.com/api/v1/get-upload-url', {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'x-publora-key': 'sk_YOUR_KEY' },
body: JSON.stringify({
postGroupId: post.postGroupId,
fileName: 'photo.jpg',
contentType: 'image/jpeg',
type: 'image'
})
}).then(r => r.json());
// Step 3: Upload to S3
await fetch(upload.uploadUrl, {
method: 'PUT',
headers: { 'Content-Type': 'image/jpeg' },
body: imageBytes
});
Thread Nesting (temporarily unavailable)
When restored, long content auto-splits into connected posts. Three methods:
Auto-split (content > 500 chars): Publora splits at paragraphs/sentences/words, adds (1/N) markers.
Manual --- separator:
body: JSON.stringify({
content: 'First post.\n\n---\n\nSecond post.\n\n---\n\nThird post.',
platforms: ['threads-17841412345678']
})
Explicit [n/m] markers: Publora detects [1/3], [2/3] format and splits at those points exactly.
⚠️ Currently all nested threading is disabled. Single posts, images, carousels work normally.
Media in threads: Images/video attach to the first post only. Subsequent posts are text-only.
Reply Control (platformSettings)
Control who can reply to posts:
body: JSON.stringify({
content: 'Your post here',
platforms: ['threads-17841412345678'],
platformSettings: {
threads: {
replyControl: 'mentioned_only' // or: 'accounts_you_follow', 'everyone', '' (default)
}
}
})
| Value | Who can reply |
|---|---|
"" (default) | Platform default (anyone) |
"everyone" | Anyone |
"accounts_you_follow" | Only accounts you follow |
"mentioned_only" | Only mentioned accounts |
Platform Quirks
- Connected via Meta OAuth — same account as Instagram
- Max 1 hashtag per post — more than 1 may be ignored or rejected by Threads
- 5 links per post max — enforced at the API level
- PNG supported — unlike Instagram, Threads accepts PNG images; WebP auto-converted
- Video carousels limited — video support in carousels is limited; use images for carousels
- Nested threading disabled — see the notice at the top of this skill
Comments
Loading comments...