Gtm System

This package looks like a plausible local GTM tracker, but you should not run it blind. Before installing or running the CLI: 1) Open and read scripts/gtm.py to confirm where it makes network requests and what endpoints it posts to (look for URLs, webhook handlers, Telegram/GitHub/Twitter/Syften endpoints). 2) Search the code for any hardcoded tokens, API keys, or external servers (strings like 'http', 'https', 'api.', 'token', 'key', or personal domains). 3) Update the absolute paths in SKILL.md to match your own environment (or run from the repository root) — hardcoded /home/... paths indicate the docs were exported from someone else's machine. 4) If you enable crawlers or webhooks, prefer to run them from an isolated machine or test environment first and ensure rate limits/terms of service for target APIs. 5) If the script integrates with Telegram or other services, confirm it uses your bot/token (not an embedded token) and that you understand what data will be sent externally. 6) If you're not comfortable auditing the Python file yourself, ask for the full gtm.py source to be reviewed (or run it under a network monitor / sandbox) — because the CLI will have network access and will write to a local database, those are the primary places sensitive data could be exfiltrated. After you inspect the code and confirm no unexpected endpoints/credentials are present, it is reasonable to proceed.