Batch Format Converter Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly does what its name says (file conversions) but includes undocumented remote license validation and local caching of API keys, and the package metadata does not declare the credentials/config it actually uses — this mismatch is concerning.
This package implements the advertised conversion features, but it also performs remote license/token verification and caches results locally, and the registry metadata does not declare the credential/config requirement. Before installing or using it:
(1) Inspect the full converter.py (the file here is truncated) to confirm exactly what data is sent to geo-api.yk-global.com and whether any user-supplied keys are transmitted.
(2) Do not reuse sensitive API keys (AWS, GitHub, email, banking keys) as the converter token; create a dedicated service token if required.
(3) Run the tool in a sandbox or VM first to observe outbound connections and files created under your home directory (~/.batch_converter_cache).
(4) If you need offline use or cannot trust the external endpoint, remove or stub out the verify_token call before running.
(5) Ask the publisher for a clear declaration of where to place tokens (config.yaml) and why no required env vars are listed in the metadata; lack of that documentation is a red flag.
If you cannot verify the network behavior or trust the source (homepage unknown, owner ID unfamiliar), treat it as untrusted code.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
