! Purpose & Capability
Name and description match the code: handler.py fetches a URL or uses provided text and extracts up to 20 deduplicated emails. However, SKILL.md advertises an API key and a per-call price that the code does not use, and the code returns a hardcoded "payment_status": "paid". This is disproportionate and inconsistent with the stated payment integration.
ℹ Instruction Scope
SKILL.md instructs normal usage for extracting emails and does not ask the agent to read unrelated files or system state. The code does perform network fetches of arbitrary URLs (expected for a web extractor), which can expose the agent to untrusted content and can be abused if pointed at internal URLs (SSRF-like risk).
✓ Install Mechanism
No install spec; the skill is instruction/code-only and will not pull external installers. handler.py uses the requests library, but no installation steps are declared, so the runtime must provide requests. This is low install-mechanism risk.
! Credentials
The skill declares no required env vars, but SKILL.md exposes an apparent secret/API key (prefixed sk_...) and a pricing statement. The code never references that key or any credentials. Including a secret-looking key in documentation without using it is inconsistent and may indicate credential leakage, mistaken sample data, or an attempt to direct users to an external paid endpoint that the code does not implement.
✓ Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not request persistent system privileges. Autonomous invocation is allowed by default (no additional privilege flags present).
Scan Findings in Context
[hardcoded-api-key-in-doc] unexpected: SKILL.md contains 'API Key: sk_93c5f...' which looks like a secret but the code does not use any API key. This is not expected for a simple extractor and may be accidental leakage or an attempt to redirect users to an external paid service.
[hardcoded-payment-status] unexpected: handler.py always returns "payment_status": "paid" even though there is no payment enforcement in the code. This mismatch with SKILL.md's pricing is inconsistent and could be misleading.
[arbitrary-http-fetch] expected: handler.py fetches arbitrary HTTP(S) URLs via requests.get to obtain page content, which is expected for a web email extractor but carries normal risks (untrusted content, SSRF potential if agent has access to internal networks).
What to consider before installing
This skill mostly does what it says (fetches a page or parses text and returns up to 20 deduplicated emails), but there are mismatches you should clarify before installing. SKILL.md includes a secret-looking API key and a per-call price, while the code never uses any credentials and always reports "payment_status": "paid"; that inconsistency could be an accidental leak of a key or an attempt to steer you to an off-platform payment flow. Also note that the skill will fetch arbitrary URLs (normal for scraping), which can expose your agent to untrusted content and, if the agent has network access to internal hosts, could be abused for SSRF. Recommended steps:
(1) Ask the publisher to explain the API key/pricing and remove any real secrets from the docs.
(2) Verify where payments are processed and that billing is enforced outside the skill, if intended.
(3) Run the skill in a sandboxed environment with restricted network access before any production use.
(4) Rotate any exposed API key immediately if it belongs to you.
(5) Consider the legal/privacy implications of scraping and storing email addresses before using the skill.