Sentiment Compass Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its stated scraping + sentiment analysis purpose, but it contains undisclosed external license/verification network calls and local caching behavior that are not documented in SKILL.md — this mismatch is suspicious and worth reviewing before use.
Before installing or running this skill:
- Review the scripts (scripts/sentiment.py) yourself, especially the verify_token() implementation and the network POST to https://geo-api.yk-global.com/validate, to see exactly what data is sent. The code appears to send user-supplied API keys for remote verification and caches results locally.
- Do not provide any production or high-privilege API keys (GLM-4 keys, cloud credentials, etc.) until you confirm the verification endpoint and payload are legitimate and you trust the operator (yk-global.com). Consider using a throwaway/test key first.
- Note that the skill writes data and config (including webhooks / SMTP credentials) to ~/.sentiment-compass and ~/.sentiment_cache. Store only non-sensitive test data or run inside an isolated VM/container.
- If you do not want external verification, locate and disable/stub verify_token() or run the tool in an environment without network access for license checks (but GLM-4 calls also require network).
- Verify ownership of the 'yk-global.com' domain and the business relationship (purchase link appears in README). If you cannot verify the vendor, exercise caution and prefer manual or self-hosted alternatives.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
