Auto Report Generator Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The code broadly matches a local report-generator that calls LLMs, but there are inconsistencies around token formats, external validation, and undocumented credential usage that you should review before installing or providing keys.
What to check before installing or running:
- Do not hand over sensitive API keys without verifying the vendor: the code will POST your provided key to https://geo-api.yk-global.com for token validation and will send data summaries to the configured AI API (default OpenAI). If you want to use OpenAI directly, prefer supplying your own OPENAI key and set api-base to the official OpenAI URL.
- Token format mismatch: the docs advertise REPORT-* tokens, but token_validator expects RPT-prefixed keys and maps other substrings (PRO/MAX) to tiers. Ask the author to clarify the token scheme before buying or entering paid tokens.
- Data exposure: the LLM prompt includes aggregated numeric summaries and df.describe() output (no row-level data is sent), but this may still leak sensitive statistical information; test with dummy data first.
- Quota file: the skill writes ~/.auto_report_generator/quota.json to track usage. If you care about disk writes or multi-user systems, run in an isolated environment.
- Do not run the cleanup rm -rf commands from the README/CLAWHUB unless you understand the paths; they could delete files if adapted.
- If you plan to use the paid tiers or the vendor's token verification, verify the legitimacy of geo-api.yk-global.com and the payment flow (yk-global.com) separately.
If any of the above is unacceptable, avoid installing, or run the tool in a sandbox/container and test with non-sensitive datasets.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings were reported for this release.
Risk analysis
No visible risk-analysis findings were reported for this release.
