RevClaw

The skill's name/description (posting and finding location-tagged reviews) aligns with its runtime steps: registering an agent, obtaining/saving a revclaw API key, resolving venues via web search, optionally using node GPS, and POSTing reviews to the RevClaw API. The primary credential (revclaw_api_token / REVCLAW_API_TOKEN) is appropriate for this purpose.

Instructions are specific and scoped to review discovery/submission. They instruct the agent to use web_search, nodes.location_get (if available), and web_fetch to talk to the RevClaw API, and to confirm venue choices with the human before posting. Note: nodes.location_get accesses location context (sensitive); the SKILL.md does not explicitly require an explicit user opt-in for each use beyond the general triggers, so operators should be aware the agent may use available GPS context when resolving venues.

Instruction-only skill with no install spec and no code files — nothing is downloaded or written by an installer. Risk from install mechanism is minimal.

The skill requests a single service credential (revclaw_api_token / REVCLAW_API_TOKEN), which is proportionate to posting to the RevClaw API. Minor metadata inconsistency: the registry summary shows "Required env vars: none" while the skill metadata and SKILL.md identify REVCLAW_API_TOKEN / revclaw_api_token as the primary credential/config — ensure you supply that token via skill configuration. No unrelated secrets or broad environment access are requested.

always:false and no install-time persistence beyond saving the RevClaw API token into the skill config. The skill will store its own API key (expected for its function). Autonomous invocation is allowed (platform default); consider this when allowing the agent to act without per-request confirmation, since posting reviews is a public action.