Data Sentinel Pro

This skill's functionality (fetch page, detect changes, send Telegram/email) is consistent with its description, but there are several red flags you should address before installing or supplying credentials: - Metadata vs runtime mismatch: the registry declares no required env vars/config paths, but SKILL.md and the script expect ~/.openclaw/openclaw.json to hold license_key, telegram_token, email credentials, etc. Treat any credential requests as sensitive and avoid entering real, high-privilege secrets until you verify the source. - Storage path mismatch: SKILL.md documents storing monitors under ~/.openclaw/workspace/..., but the script writes to ~/.openclaw/data/sentinel. Confirm where data and credentials will be stored and back up or inspect those files after installation. - package.json oddity: a Node package.json lists Python libraries (requests, beautifulsoup4). This suggests sloppy packaging or an unreviewed third-party. Prefer installing only after reviewing the repository (the SKILL.md points to a GitHub URL — inspect that repo) or running the script in an isolated environment. - Network behavior: the script will fetch arbitrary URLs you configure and will post notifications to api.telegram.org if a Telegram token is provided. It does not appear to exfiltrate data to unknown endpoints, but because it reads local config and could contain secrets, verify the code yourself or run it in a sandbox. What would increase confidence: a verified repository/source (matching code), updated metadata that declares required config/env vars, correction of the storage-path inconsistencies, and clearer packaging (a requirements.txt or proper packaging for Python rather than package.json). If you cannot verify these, avoid providing real credentials (use a throwaway Telegram bot/chat for testing) and run the script in an isolated account/container.