Pangolinfo Ai Serp

This skill is a Pangolin API client and legitimately needs an API key or email+password to work, but there are some red flags to consider before installing or using it: - Metadata mismatch: The registry metadata claims no required env vars, but the SKILL.md and scripts require PANGOLIN_API_KEY or PANGOLIN_EMAIL + PANGOLIN_PASSWORD. Confirm this with the publisher before providing credentials. - Credential caching: The script will cache your API key at ~/.pangolin_api_key (permanently). If you use this skill, expect a file containing your API key in your home directory. If you share the machine or have backups, that key could be exposed. Remove or rotate the key after use if you’re concerned. - Prefer API key over email/password: The docs show both options; providing an API key (rather than your account password) is safer. Create a dedicated API key on pangolinfo.com with minimal scope and revoke it after use if unsure. - Verify the endpoint and vendor: The client talks to scrapeapi.pangolinfo.com and pangolinfo.com. Confirm you trust that service before giving credentials or running network tests. - Inconsistencies in docs: The references/docs mention PANGOLIN_TOKEN and ~/.pangolin_token, but the script uses PANGOLIN_API_KEY and ~/.pangolin_api_key. Expect possible confusion when troubleshooting. - Running self-test: The included self_test.sh will attempt live authentication and a search. Only run it if you expect real network calls and are comfortable using your credentials in this environment. If you still want to proceed: provide an API key (not your account password), review and optionally edit scripts to change the cache location or remove the cache step, run the client in an isolated environment (or revoke/rotate the key afterward), and confirm the publisher/source of the skill due to metadata inconsistencies.