Weekly Monthly Reporter
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill largely matches its stated purpose (generating reports) but contains a clear mismatch around billing/identity data: the code transmits the user's API key as a billing 'user_id' to skillpay.me (contradicting the documentation) and an unreviewed Feishu integrator file exists — this could leak sensitive keys to a third party.
This skill mostly does what it claims (generate reports locally and call an LLM you configure), but there is an important inconsistency to address before installing or using it with real secrets:

1) The billing code posts a JSON payload to https://skillpay.me that uses the per-user API key (the --api-key you pass) as the 'user_id'. That means your API key may be transmitted to the external billing service. SKILL.md mentions a Feishu OpenID being sent for billing, not your API key; this mismatch is a red flag. If you intend to use real credentials, confirm with the author (or inspect scripts/feishu_integrator.py and billing.py) exactly what is sent to skillpay.me.

2) If you don't trust skillpay.me or the code, run in Dev Mode (unset SKILL_BILLING_API_KEY and SKILL_BILLING_SKILL_ID), which avoids network billing calls, or pass non-sensitive test values. Prefer running the skill in an isolated environment (container or VM) and review the feishu_integrator.py file (it was present but truncated in the package) before granting it live credentials.

3) There are some implementation bugs (a truncated return in the doc generator) that may cause runtime errors; test with small inputs first.

4) Recommended actions before use: inspect scripts/feishu_integrator.py; verify that the billing POST does not include your LLM key or report contents; and, if you plan to use real billing, confirm with the skill author how user identity is represented (avoid sending full API keys to third parties).
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
