Fiverr Order Manager

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's code embeds a hard-coded Telegram bot token and chat ID and reads/writes workspace files, contrary to the SKILL.md and registry metadata. This could be used to exfiltrate generated PDFs; the mismatch is suspicious and should be audited before use.

Do not install or run this skill without review. The Python file contains a cleartext Telegram bot token and chat ID that will receive every generated PDF, which can leak customer/order data to whoever controls that bot. Actions to consider before using:

(1) Treat the embedded token as compromised; if you already used it, rotate it immediately.
(2) If you want to use the skill, remove the hard-coded token and make the script read TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID from the environment or a secure config, and verify those values are yours.
(3) Inspect any worldcup_daily.py or other scripts in the referenced SCRIPTS_DIR (the skill runs code from the workspace via subprocess), and only run in an isolated/sandboxed environment first.
(4) Add explicit dependency documentation for 'requests' and ensure only intended files are read/written (avoid global /root paths if possible).
(5) If you cannot perform these code changes or audits yourself, treat the package as unsafe and avoid installing it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

No visible risk-analysis findings were reported for this release.