extropy

The skill's declared runtime instructions, required environment variables, and config-file access are consistent with an operator that runs the Extropy CLI and orchestrates LLM-backed simulations, but there are a few metadata discrepancies and sensitive-config considerations the user should review before installing.

This skill appears to be what it says: an operator that runs the Extropy CLI and inspects simulation artifacts. Before installing or enabling it, check the following: 1) Metadata mismatch — the package header claims 'no required env vars' but the SKILL.md requires multiple provider keys and a config file; ask the publisher to fix this if you need an authoritative inventory. 2) Inspect ~/.config/extropy/config.json (or run extropy config show) to see whether it contains credentials or other sensitive values; prefer storing provider keys in minimal, scoped test accounts. 3) Only supply the provider API keys you actually need for the experiments you will run; do not hand over high-privilege production keys unless necessary. 4) Verify the extropy binary you will use is obtained from the official repository/release (the skill points to the GitHub repo) and run it in an isolated environment if study data is sensitive. 5) Remember extropy CLI commands can read and export local study DBs and JSONL files (study.db, agents.jsonl, states.jsonl) — treat those exports as potentially sensitive and avoid automatic exfiltration. If you want higher assurance, ask the maintainer to: (a) reduce the list of required env vars to only the minimum, (b) clarify whether ~/.config/extropy contains secrets, and (c) add explicit guidance for running with scoped/test credentials and rate-limited provider keys.