btpanel

This skill appears to be what it claims: a BT-Panel monitoring/admin toolkit. Before installing or using it, consider the following: - Trust and credentials: The scripts require API tokens for each panel and will store them in a local config file (e.g., ~/.openclaw/bt-skills.yaml or a path you set via BT_CONFIG_PATH). Treat those tokens like passwords — only provide them if you trust the skill/source. Inspect bt_common/config.py to confirm how tokens are stored (plaintext vs encrypted). - Source verification: The package lists no homepage and the registry owner is unfamiliar; if you don't trust the author, review the included code (bt_common and scripts) yourself or run in an isolated environment. The code is readable Python — you can audit network calls and file writes easily. - Dependencies: The package requires Python packages (requests, pyyaml, rich) shown in README and script headers but they are not declared in the registry metadata. Install dependencies in a virtualenv (pip install -r requirements.txt) before running. - Principle of least privilege: If the panel supports scoped/read-only API tokens, create tokens with the minimum permissions needed (monitoring/log read) rather than full admin tokens. - Sensitive outputs: The tool can read server logs and backups via the panel API. Be mindful where reports or exported files are saved and who can access them. If you want higher assurance, ask the publisher for a homepage or source repo, or request a summary of how credentials are stored and what permissions the client uses. If you cannot verify the author, run the scripts in an isolated test environment and audit bt_common/* and scripts/* before supplying real tokens.