Church Account

This skill appears to be what it says (automating LDS/LCR website tasks) but it has several red flags you should consider before installing or running it: - Missing declarations: The SKILL.md expects Python, Playwright, playwright-stealth, and a Chromium browser but the skill metadata lists no required binaries or install steps. Verify and install these dependencies from official sources yourself rather than trusting an unknown installer. - Credentials handling: The code expects USERNAME and PASSWORD but the skill does not declare required environment variables. Do not put credentials into plaintext env variables or world-readable /tmp files. Use a secure password vault and inject secrets at runtime if possible. - Sensitive persistence: The skill saves storage_state (auth tokens/cookies) to disk. Those files are equivalent to logged-in sessions—store them encrypted, restrict file permissions, and delete when no longer needed. - Sandbox/stealth flags: The recommended browser arguments include --no-sandbox and stealth techniques intended to evade detection. --no-sandbox reduces process isolation and increases risk if you run this on a shared or untrusted host. Prefer running automation in an isolated, single-tenant environment (e.g., a disposable VM or container) and avoid --no-sandbox unless you understand the risk. - Source trust: The source/homepage is unknown. Only run this skill if you trust the author or can inspect and control the code that will run. If you plan to use it, prefer copying the provided code into a controlled repo, lock dependencies to known good versions, and review any third-party libraries (playwright-stealth implementations can be unvetted). If you want to proceed safely: obtain the dependencies from official registries, run the automation in an isolated container/VM, keep credentials in a vault and inject at runtime, secure storage_state files, and remove or avoid using --no-sandbox and other flags that weaken sandboxing.