go-now

This skill appears to be a genuine travel assistant, but it performs several actions that have privacy and operational implications. Before installing or enabling it, consider the following: - Consent for location: It automatically attempts IP-based location lookups using public APIs (ipinfo.io, ip-api.com, myip.ipip.net) at conversation start. Ask the skill to get explicit permission before doing any geolocation (or prefer asking the user to provide city). - Shell/network use: The runtime expects to run curl commands and make outbound HTTP requests. Ensure you are comfortable with the agent making network calls to third-party endpoints, and verify whether your environment allows/monitors such calls. - Filesystem writes & auto-open: The skill will save an HTML file to ~/Desktop and open it in your browser. Confirm in-chat before any file is written or opened, and review the generated file before sharing. - Remote resources & data leakage: The demo template imports Google Fonts and allows embedding avatar URLs/images. Remote fonts/images trigger outbound requests when the file or preview is loaded, which can leak a URL load to external hosts. Prefer inlining assets or disallow remote image embedding, and do not supply sensitive images/URLs (e.g., private avatars or images behind authentication) unless you trust the behavior. - Inconsistencies to fix: The SKILL.md claims the HTML should be self-contained, but the provided template imports fonts from Google Fonts; and curl usage is assumed but not declared. Ask the author to (a) declare required binaries and network endpoints, (b) make the HTML truly self-contained or explicitly list external resources, and (c) require explicit user consent before geolocation, personal data collection, saving files, or opening browsers. If these issues are acceptable and you trust the skill author, you can proceed; otherwise request the fixes above or restrict the skill's ability to perform network calls and filesystem writes.