Techla FB Repost

This skill appears to do what it says, but take these precautions before using it: - Metadata mismatch: the registry lists no required env vars or dependencies but SKILL.md and the scripts clearly need APIFY_TOKEN, GEMINI_API_KEY, FB_PAGE_ID and FB_PAGE_ACCESS_TOKEN and a Python runtime with the 'requests' package. Expect to provide those secrets and to have python3 + requests available. - Secret handling: the scripts accept API keys and tokens as command-line arguments. On multi-user systems, command-line arguments can be visible to other users (via ps). Prefer providing tokens via a secure secrets store or environment variables and avoid pasting long-lived page tokens into ephemeral chat entries. - Confirm-before-post: SKILL.md includes a checklist that requires explicit user confirmation before posting. Before enabling the skill for autonomous use, verify the agent actually shows the preview and waits for your confirmation as promised. Don't enable full autonomy unless you trust the skill and have tested it. - Token scope & rotation: Facebook Page tokens can be powerful. Use the minimum-scoped token, test on a throwaway page first, and be prepared to revoke/rotate tokens if you suspect misuse. - Dependency & runtime: ensure python3 and the 'requests' package are installed in the environment the agent will run in. Consider reviewing the code yourself or running it locally to confirm behavior before granting secrets. If you need higher assurance, request the publisher to: (1) update registry metadata to list required env vars and runtime dependencies, (2) switch to reading secrets from environment variables or a secure file rather than CLI args, and (3) provide a provenance/homepage or contact so you can validate the source. If you cannot verify the source or cannot secure the tokens, do not install or run this skill with your production Page token.