bluesky-post

SUSPICIOUS: The skill's core function is coherent, and the endpoints appear to be official Publora services, so this is not a fake installer or obvious malware. However, it requires routing Bluesky activity through Publora, including forwarding a Bluesky app password to a third party and giving an AI agent the ability to schedule/publicly post; combined with a plan-doc inconsistency, this makes the skill medium/high risk rather than benign.