Lead Researcher

The skill's code and instructions are consistent with its stated purpose (passive HTTP-based company enrichment) and it does not request unrelated credentials or installation steps.

This skill appears to do what it says: passive HTTP-based enrichment of company domains and optional querying of a third-party news API (Tavily). Before installing or running it: 1) Be aware it will make outbound HTTP(S) requests to whatever domains you provide (including optional third-party API calls if you set TAVILY_API_KEY). 2) Review and confirm the code sections not shown here to ensure there are no hidden telemetry endpoints or unintended network calls; the UA string references edgeiq.dev which will appear in target server logs. 3) The README/SKILL.md asks you to respect robots.txt/terms of service, but the script does not appear to enforce robots.txt automatically — only run lookups you are authorized to perform. 4) If you plan to provide real contact lists or run bulk lookups, run the script in an isolated environment or with rate-limiting to avoid accidental abuse. 5) The package owner is unknown; if you require trust guarantees, obtain the code from a verified source or run a security review before use.