Chia WalletConnect - Telegram Verification

This package appears to do what it claims, but review these practical points before installing or deploying: - Replace the included WALLETCONNECT_PROJECT_ID with your own project ID (the repo ships with a public example ID). Using someone else's project ID can let that project owner observe connections. - The code expects a .env (PORT, WALLETCONNECT_PROJECT_ID, optional MINTGARDEN_API_URL). The skill registry metadata omitted those; ensure you provide them when deploying. - The verification call uses https://api.mintgarden.io — confirm you trust that service and its API contract before sending signatures/public keys. Consider hosting your own verification logic if you require full control. - npm install will pull many third-party packages (WalletConnect, ethers-related packages via transitive deps). Audit dependencies and run in an isolated environment (container) if you have security concerns. - Follow best practices noted in SKILL.md: enforce HTTPS, enable CORS only for your domain, rate-limit the verification endpoint, persist verification records in a secure database, and log minimally (avoid logging signatures/private data). - If you plan to integrate this with a production bot, perform a brief code review of server/index.js and lib/verify.js to confirm there are no undesired outgoing endpoints or secret exfiltration paths (the visible code only talks to MintGarden and Telegram). If you want, I can highlight specific lines that set the default project id, the MintGarden POST call, and the points where data is sent to Telegram so you can audit them quickly.