CamelCamelCamel Alerts

This skill appears to implement its stated purpose, but review a few things before installing: - Dependencies: The package declares no required binaries, but runtime needs: python3, jq, cron, and a working Clawdbot/host message delivery tool (Telegram must already be configured in Clawdbot). Ensure those are installed and available in PATH. - Cron examples mismatch: The Quick Start example in SKILL.md runs only fetch_rss.py; the SETUP.md example pipes the output through `jq '.alerts'` into scripts/notify.sh. Use the SETUP.md pipeline so notify.sh receives the JSON array it expects. - Cache reliability: fetch_rss.py uses Python's built-in hash() on strings to create cache keys. Python's str hash is randomized per process and can change between runs, which will likely cause duplicate notifications. Consider modifying the script to use a stable hash (e.g., hashlib.sha256) if you want reliable deduplication. - Data flow and delivery: notify.sh does not itself call Telegram’s API; it outputs formatted lines ('ALERT|...') and assumes the caller will route them to Clawdbot's messaging tool. Confirm how your environment picks up those lines and delivers messages, and verify that the message delivery tool stores tokens securely. - Input sanitation: The scripts include feed-provided titles/descriptions directly in messages. While expected for notifications, be aware that feed content could include unexpected characters or formatting. If you host this on a shared system, avoid using another user’s feed URL. - Permissions & cache location: The cache is stored under /tmp. If you need persistence across reboots, move it to a persistent directory and ensure appropriate file permissions. If you accept the above (install jq/python3, fix the hash function if desired, and wire up message delivery securely), the skill is functionally coherent. If you do not want to trust implicit delivery tooling or want reliable deduplication, request or implement the code changes before enabling automatic cron runs.