Brand Dna Extractor

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's stated purpose (extract brand identity) is plausible, but the SKILL.md and registry metadata are internally inconsistent and the skill asks for overly broad/high-privilege credentials (Supabase service key) and implies installing/running components that are not provided — proceed with caution.

This skill appears to do what it says but has several red flags: the registry says there are no required env vars or code files but the SKILL.md expects a Python package and multiple API keys — that mismatch means the agent would need to install third-party code at runtime or call external services. Do not provide a Supabase 'service role' key; prefer a least-privileged, read-write-specific key or disable external caching. If you consider using it: (1) ask the publisher for the source code or a published PyPI package and verify it, (2) request a design that uses only one VLM provider or makes the fallback behavior explicit, (3) avoid giving high-privilege DB keys and audit any external storage (retention, access controls), (4) limit crawling depth and follow robots.txt / legal constraints, and (5) only install Playwright or other dependencies in a sandboxed environment after reviewing the package provenance. If you cannot get source/install transparency or reduce the Supabase key privileges, treat this skill as risky and avoid installing it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings for this skill version.

Risk analysis

No visible risk-analysis findings were reported for this release.