neynar

This skill is a straightforward API integration for the Neynar/Farcaster service. It requires an API key and optional signer UUID stored in a local config file; those credentials are used directly with Neynar's documented endpoints. There are no obvious malicious indicators such as download-and-execute commands, third-party exfiltration endpoints, obfuscated payloads, or instructions to forward credentials to unknown services. The main security considerations are operational: ensure the local config file is protected, audit the actual scripts (scripts/neynar.sh) for safe shell quoting to prevent command injection, and understand that using a managed signer entrusts signing capability to Neynar. Overall risk is low-to-moderate purely because credentials grant the ability to perform real-world actions (posting/reacting/following), which is expected for this type of skill but requires user trust in Neynar.