Topview
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent with its stated Topview media-generation purpose, but it needs Topview account credentials and can spend credits or modify Topview assets, so users should install it knowingly.
Install this if you trust Topview and intend to let the agent use your Topview account for media generation. Verify the source, authenticate only through Topview domains, avoid uploading sensitive media unless you are comfortable sending it to Topview, and ask for cost confirmation before bulk, expensive, or destructive actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill is authorizing the agent to act through their Topview account for supported generation, board, and usage operations.
The skill requires delegated Topview account credentials and stores them locally for later API use.
primaryEnv: TOPVIEW_API_KEY ... envVars: ... TOPVIEW_API_KEY ... TOPVIEW_UID ... storesCredentialsAt: ~/.topview/credentials.json
Only authenticate through a trusted Topview link, use a dedicated or least-privileged API key if available, and run the documented logout flow or rotate the key when no longer needed.
Requested generations may consume paid or prepaid Topview credits, especially for multi-step or batch workflows.
Generation actions are tied to the user's Topview credit balance, so automated or batch creative workflows can spend account credits.
Before running a generation task, verify you have enough credits.
Ask the agent to estimate cost and confirm before large, repeated, or expensive generation jobs.
If invoked, the skill can change or delete Topview board organization and associated account assets.
The board module exposes account-mutating operations, including deleting Topview boards.
`update` | Rename a board ... `delete` | Delete a board
Confirm board rename/delete actions explicitly and avoid letting the agent perform destructive board management unless you requested it.
Users relying only on registry metadata may not realize the skill needs local Python execution and Topview credential setup.
Registry metadata under-declares setup and credential needs compared with the skill documentation, which lists Python/pip requirements and Topview API credentials.
Source: unknown ... No install spec — this is an instruction-only skill. ... Primary credential: none
Review the SKILL.md/README setup instructions and verify the publisher/repository before installing or authenticating.
If a webhook is used, task completion information may be sent outside the normal Topview/chat flow.
Some modules support passing a webhook URL for completion notifications, creating an external notification/data-flow option.
`--notice-url URL` | Webhook URL for completion notification
Use webhook URLs only when you trust the destination and understand what task information will be delivered there.