Customer Logo Wall

Key things to consider before installing or running this skill: - Source trust: the skill's source/homepage is unknown. Only proceed if you trust the author or have reviewed the code. - Excel overwrite: SKILL.md says it will write the Chinese-name column back into your original Excel file and overwrite it. There is no provided script that reads/writes Excel in the bundle, so verify how Excel→JSON conversion and the actual overwrite would occur. Always back up your Excel files before running. - External executable (AGENT_BROWSER): verify what you set AGENT_BROWSER to. The verify script runs that executable with 'open' and 'eval' via subprocess — if that binary is malicious or compromised it can run arbitrary code. Prefer running in a sandbox/container or replacing that flow with a trusted scraper you control. - SSL verification: verify_logos.py disables SSL certificate checks for downloads. This weakens security and may let man-in-the-middle data be returned. Consider editing the code to use default SSL verification or run it on a network you trust. - Dependency & metadata mismatch: metadata in the registry claims no required binaries/env vars, but the README and scripts require Node, Playwright, Chrome, Python 3.9+, python-pptx, pillow, pytesseract (optional). Make sure dependencies come from trusted package sources. - Test safely: run the scripts on a small, disposable sample dataset in an isolated environment (container or VM), and inspect the outputs and any files written. If you need the Excel integration, implement or verify the Excel read/write step yourself and remove any automatic in-place overwrite unless explicitly desired. - Code fixes: redownload logic in verify_logos.py contains suspect/buggy code paths (e.g., string .includes used like JS), indicating the scripts haven't been robustly tested. Treat outputs cautiously. If you can't perform these checks, treat the skill as risky and avoid using it with sensitive customer data.