Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (multi‑platform content publisher) align with the declared binary (turbo-push-mcp) and required env vars (TURBO_PUSH_PORT, TURBO_PUSH_AUTH). Those are expected for a local MCP server that proxies publishing to many platforms.
Instruction Scope
SKILL.md contains only instructions for calling the local MCP server APIs (list/create/publish/etc.) and guidance for constructing request payloads; it does not instruct reading unrelated files or accessing unrelated credentials or external endpoints beyond the referenced GitHub release page. The skill runtime will invoke the local binary and use the declared token/port for auth, which matches the documented workflow.
Install Mechanism
This is instruction-only (no install spec). SKILL.md suggests building from source or downloading prebuilt binaries from the project's GitHub releases — reasonable, but downloading/running prebuilt binaries carries typical supply-chain risk. Recommend verifying releases (checksums/signatures) or building from source if you don't trust the binary.
Credentials
Only TURBO_PUSH_PORT and TURBO_PUSH_AUTH are required, and TURBO_PUSH_AUTH is declared primary. Both are appropriate for authenticating to a local MCP service; there are no unrelated credentials or unexplained environment variables requested.
Persistence & Privilege
Skill is not always-enabled and allows normal model invocation behavior. It does not request elevated platform-wide persistence or modify other skills' configs in its instructions.
Assessment
This skill is coherent with a local TurboPush MCP service but exercise normal caution: only install or run turbo-push-mcp from a source you trust (prefer building from the repository if possible), verify any downloaded binaries, and keep the TURBO_PUSH_AUTH token secret. Because the skill invokes a local binary that performs publishing, consider running it in an isolated environment (container/VM) if you are unsure about the binary provenance. If you install prebuilt releases, check checksums/signatures and review the GitHub repo for recent activity or security notes before use.Like a lobster shell, security has layers — review code before you run it.
latestvk978h5h4j2gcsd9rnkmcakdcsh83xfxb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsturbo-push-mcp
EnvTURBO_PUSH_PORT, TURBO_PUSH_AUTH
Primary envTURBO_PUSH_AUTH