tg-cli

The skill appears to implement a local Telegram CLI that reasonably needs Telegram credentials, but the package metadata and packaging choices are inconsistent with the runtime instructions and code (missing declared env vars and no install spec despite packaged source).

What to consider before installing: - The tool legitimately needs your Telegram MTProto app credentials (TG_API_ID and TG_API_HASH) and will create a local session file and SQLite database; do not share your phone verification codes. The SKILL.md also says this. - The registry metadata does NOT declare the required env vars or an install spec, but the code and SKILL.md do require them — this packaging/metadata mismatch is suspicious and may cause surprise during install or runtime. Ask the publisher to correct metadata or inspect the package before installing. - Inspect config.py (in the source) to confirm where session files and the DB are written on disk and to verify there are no unexpected network endpoints. The provided code appears to only contact Telegram via Telethon, but you should confirm file paths and permissions. - Prefer installing from an official, verified source (PyPI package 'kabi-tg-cli' or the GitHub repo linked in pyproject). Use pipx to run it in isolation. Verify the repository owner and recent commits before installing. - If you do not want the agent to call this skill autonomously, disable model invocation for this skill in your agent settings (or set disable-model-invocation=true), since the agent could perform network actions using your account if credentials are present. - If you need further assurance, request the publisher to update registry metadata to list TG_API_ID/TG_API_HASH as required env vars and to add an explicit install specification, or run the code in a sandboxed environment first.