Data Sentinel Pro

Things to check before installing or running: - Source verification: the package lists an author and GitHub URL in docs, but the registry 'Source' is unknown and homepage is empty; verify the upstream repository/author and confirm the code hasn't been tampered with. - Config mismatch: the SKILL.md and README reference different storage/config paths (~/.openclaw/workspace/skills/... vs ~/.openclaw/data/sentinel) and example monitors.json; the scripts actually write per-URL files under ~/.openclaw/data/sentinel. Confirm you understand where data and credentials will be stored. - Credentials: the skill will read ~/.openclaw/openclaw.json and use any telegram_token/telegram_chat_id found there to call api.telegram.org. Only provide a bot token with minimal permissions, and do not reuse high-privilege tokens or other service credentials. Prefer creating a dedicated notification bot/account. - Unused/extra fields: SKILL.md asks for license_key and email SMTP creds, but the script does not use license_key and email sending is not implemented; avoid putting secrets in the config unless you confirm the code actually needs them. - Duplicate files & packaging: there are duplicated scripts (monitor.py and scripts/monitor.py) and minor metadata version mismatches; this is likely sloppy packaging rather than malicious, but prefer the code from a verified source. - Network & cron: the script fetches arbitrary URLs and posts to Telegram; if you cron it, be mindful of target URL load and legal/ethical scraping limits. Review cron entries and logs before deploying system-wide. If you want higher assurance: obtain the repository URL from the author and inspect git history, confirm that the code in the published package exactly matches the upstream repo, or run the script in an isolated test account or VM without real credentials to observe behavior. If anything about the source or file inconsistencies cannot be explained, treat the skill with caution.