Adding on here...

VirusTotal is flagging the trello skill as suspucious because it Does NOT include an API key? Am i expected to share my keys if I want to upload a skill?

https://clawhub.ai/steipete/trello

"Requiring TRELLO_API_KEY and TRELLO_TOKEN is appropriate for Trello access, but the registry records no required env vars while SKILL.md documents them. This omission is problematic: the skill will need highly privileged credentials but the published metadata does not disclose that requirement. The SKILL.md also references 'jq' and uses curl, but these are not declared in the registry entry."