Social Content Generator

This skill appears to be a legitimate social-post generator, but there are several red flags you should address before using it: - Missing files: SKILL.md references generate_calendar.py and upload_post.py but only generate_post.py is included. Ask the author for the missing scripts or remove references if they're not part of the package. - Undeclared credentials: The README/skill suggests you must provide OPENAI_API_KEY and platform tokens, yet the registry metadata lists no required env vars. Treat API keys as sensitive—only provide them after confirming exactly which script needs them and why. - Undeclared dependencies: The script uses the openai and requests Python packages but the skill provides no install/dependency spec. Install dependencies in a virtualenv and inspect the code before running. - Network behavior: generate_post.py will call OpenAI and download images from URLs returned by the API. This is expected for image/text generation, but be aware that your prompt/topic content and any generated content will be sent to OpenAI. Use limited-scope API keys and quotas. - Safety steps: run the script in an isolated environment (container or VM), avoid hardcoding tokens or committing .env to repos, restrict API key scopes where possible, and ask the publisher to provide: (1) complete file set, (2) a requirements.txt or install instructions, and (3) explicit documentation for which env vars are actually needed. If the uploader feature is required, request the upload_post.py source for review before providing platform credentials. If you want, I can (a) inspect any missing scripts you obtain, (b) produce a safe requirements.txt and minimal run instructions, or (c) point out exact lines where environment variables are referenced inside the code.