Lerwee Fault Handling

This skill appears to do what it says (submit run-script tasks and poll results), but there are two red flags you should consider before installing or using it: 1) Metadata mismatch: The registry metadata claims no required environment variables, but SKILL.md and the script require LWJK_API_URL and LWJK_API_SECRET. That mismatch could be an oversight or a packaging error — confirm with the author. 2) Preconfigured external endpoint: The included .env sets LWJK_API_URL to https://8.lwops.cn/backend_api. If you populate LWJK_API_SECRET or run the skill as-is, host IPs and script content will be sent to that external service. Only use this skill if you trust and control that endpoint. Preferably replace the URL with your own trusted API endpoint or remove the shipped .env. Practical steps before use: - Ask the publisher to explain and correct the missing metadata (declare LWJK_API_URL and LWJK_API_SECRET). - Verify the API endpoint is one you trust and control. If not, edit .env to point to your internal service or leave it blank. - Do not set LWJK_API_SECRET to any high-privilege credential until you confirm the endpoint's ownership and security posture. - Test in an isolated environment with non-production hosts and non-sensitive scripts to observe exactly what the skill transmits. - Consider disabling autonomous invocation for agents that would run this skill, or restrict which agents/users can invoke it, until you are confident about the endpoint and metadata fixes. If you want, I can draft a short message to the skill author requesting the metadata fix and asking them to justify the default API URL.