uwillberich

This skill appears to do what it claims (A-share pre-open research) and uses expected APIs (Eastmoney, Tencent, MX, public RSS), but note two red flags: 1) the registry metadata omitted the required EM_API_KEY while SKILL.md/README say it is mandatory — confirm the key requirement before installing; 2) the package can persist locally (writes ~/.uwillberich/, creates SQLite/jsonl, and can install a launchd job). Before installing or running scripts: - Inspect scripts/runtime_config.py to see how it stores/reads your API key and whether it transmits it only to the documented endpoints. - Check any code that calls mkapi2.dfcfs.com (MX endpoint) to confirm the exact requests and whether your key is used only for intended queries. - If you don't want persistent polling, do not run install_news_iterator_launchd.py or the news_iterator loop; run one-off scripts only. - Avoid running install scripts as root; restrict runtime file permissions (store runtime.env with 600). - If you have operational or regulatory concerns about sending data to third-party endpoints, test the scripts in a network-controlled environment or review network calls in detail. If you want, I can inspect specific script files (runtime_config.py, mx_toolkit.py, news_iterator.py, install_news_iterator_launchd.py) and summarize exactly what HTTP requests they make and what they store locally.