Geo Brand Master

The skill's code and runtime behavior generally match a brand-visibility crawler, but metadata underreports required dependencies and environment variables and one included module will fail at import unless a secret is set — these mismatches merit caution before installing or running.

Key points before you install or run this skill: - Dependencies & setup: The package requires Python 3.10+, Playwright (pip install playwright && playwright install chromium) and (optionally) Flask/requests/gunicorn for the API. The registry metadata does not list these dependencies — install them first or the scripts will fail. - Secrets & env vars: The tool uses GEO_API_KEY (verification/upgrade) and TAVILY_API_KEY (used by the included API server). Do not set these keys unless you trust the remote services (https://api.yk-global.com and Tavily). Note: api/geo_api.py will raise an exception at import time if TAVILY_API_KEY is not set, which may surprise users who only intended to run the local crawler. - Network behavior: The crawler uses Playwright to visit multiple external AI sites, the quota module calls api.yk-global.com for key verification, and reports can be POSTed to a configured Feishu webhook. Expect outbound network traffic — review the endpoints in config.json and the code. - Files written: The skill will create/modify a quota file (.geo_quota.json in the skill directory by default) and write report files to /tmp. If you need to limit persistence, set GEO_QUOTA_FILE to a safe path or inspect/clean the files after use. - Run safely: Test in an isolated environment (VM or container) first. Inspect config.json and remove or replace any webhook URLs before pushing reports. If you don't want the API server behavior, avoid running api/geo_api.py and don't import the api module in other contexts. - Review before providing keys: Only provide GEO_API_KEY or TAVILY_API_KEY if you understand they will be sent to the respective remote verification/search endpoints. If the registry or author cannot explain why TAVILY_API_KEY is required on import, treat that as a red flag. If you want, I can list the exact lines where env vars are read and where external requests are made so you can audit them before running.