|
|
|
|
|
|
by dpoloncsak
134 days ago
|
|
|
Adding on here... VirusTotal is flagging the trello skill as suspucious because it Does NOT include an API key? Am i expected to share my keys if I want to upload a skill? https://clawhub.ai/steipete/trello "Requiring TRELLO_API_KEY and TRELLO_TOKEN is appropriate for Trello access, but the registry records no required env vars while SKILL.md documents them. This omission is problematic: the skill will need highly privileged credentials but the published metadata does not disclose that requirement. The SKILL.md also references 'jq' and uses curl, but these are not declared in the registry entry." |
|
|
Subsequently they’ve included the use of curl but also haven’t declared that either which means that it _could_ leak your key if you provide it one. That’s why it’s suspicious - virus total has flagged that you should probably review the skill.md