!
Purpose & Capability
The skill's stated purpose (product/HS code classification) is plausible for using an external LLM service. However, the registry metadata claims no required environment variables, while the code clearly requires FASTGPT_API_URL and agent keys. The repository also includes a .env with three embedded AGENT_* keys and an internal FASTGPT_API_URL. This is inconsistent with the declared requirements, and shipping sensitive values this way is poor packaging practice.
!
Instruction Scope
SKILL.md requires the agent to always execute a local script at skills/goodsclassify-a/scripts/run_goodsclassify.py and forbids simulating results. That file path does not exist in the package (the repository provides skill.py at top level instead). SKILL.md also mandates collecting users' phone numbers when the script requests them; collecting phone numbers is sensitive and seems disproportionate for product classification. SKILL.md's strict, prescriptive rules are out of sync with the actual code and broaden the agent's data-collection scope.
ℹ
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. The package does contain code and a requirements.txt (requests, python-dotenv), which is reasonable for the functionality. The problematic part is the included .env file containing a live-looking API URL and three API keys; bundling credentials in the repo is a high-risk practice even if no external install steps are defined.
!
Credentials
The skill manifest declares no required env vars, yet config.py and skill.py require FASTGPT_API_URL and either a shared FASTGPT_API_KEY or AGENT_A/B/C keys and optional AGENT_*_ID values. Requiring three agent keys (or a shared key) is plausible for the multi-agent flow, but the failure of SKILL.md and the registry to declare them is an inconsistency. Also, the runtime flow requires collecting and storing users' phone numbers (PII) in a local SQLite DB. That is disproportionate to a simple product code lookup unless there is a clear, documented justification.
✓
Persistence & Privilege
The skill does not request global or always-on privileges (always:false). Its persistent footprint is a local SQLite DB (users.db) where it stores session_id, phone, and pending_question, which is expected for the implemented flow. It does not attempt to modify other skills or system-wide configuration.
What to consider before installing
Key issues to consider before installing:
- Manifest vs. reality: The registry shows no required env vars but the code requires FASTGPT_API_URL and API keys (FASTGPT_API_KEY or AGENT_A/B/C). Treat the manifest as out-of-date or incomplete.
- Embedded credentials: The package includes a .env with FASTGPT_API_URL and three AGENT_* keys. Do NOT use those keys; they look like embedded secrets and may be leaked credentials. If you install, remove or replace the .env and supply your own credentials and endpoint, and rotate any real keys if they were published.
- SKILL.md mismatch: The runtime instructions require executing skills/goodsclassify-a/scripts/run_goodsclassify.py, which is not present. That mismatch could be accidental (packaging error) or a red flag. Confirm with the skill author which entrypoint should be used (the repository's skill.py or the SKILL.md path) before allowing the skill to run.
- Privacy: The skill asks for and stores phone numbers (PII) in a local SQLite DB. Determine whether you are willing to collect/store that data. If you must use the skill, consider running it in an isolated environment, auditing the DB, and verifying retention/cleanup behavior.
- Trust the FastGPT endpoint: The code will send user messages and phone numbers to whatever FASTGPT_API_URL you configure. Only point it at a trusted service. Review network egress policies, and test in a sandbox first.
- Remediation steps: Ask the author to (1) update the manifest to declare required env vars, (2) remove the hardcoded .env with secrets, (3) correct SKILL.md to reference the actual entrypoint or include the missing script, and (4) document why phone numbers are needed and how they are protected.
Given the inconsistencies and embedded credentials, treat this skill with caution and consider it suspicious until those issues are resolved.