telegram-post
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security concerns identified. The skill follows standard integration patterns for MCP servers and REST APIs using the vendor's own domains (publora.com).
- [DATA_EXPOSURE]: The skill provides instructions for managing API keys in local configuration files (
~/.claude/claude_desktop_config.json), which is a standard and safe practice for MCP server setup. It uses placeholders (YOUR_API_KEY,sk_your_api_key) rather than hardcoding actual credentials. - [EXTERNAL_DOWNLOADS]: Network operations are directed towards the vendor's official domains (
api.publora.com,mcp.publora.com,docs.publora.com), which is expected behavior for this service.
Audit Metadata