Crypto Address Checker

This package appears to be a legitimate local DB-based scam detector, but there are important inconsistencies you should resolve before installing: - ETHERSCAN_API_KEY is required for syncing unknown addresses, but the registry metadata does not declare it. Expect the skill to use network calls for unknown addresses or when running the sync worker/cron; if you do not set a key, realtime sync will fail or the scripts will prompt you. - The top-line claim 'No external API calls during user checks' is only true when an address is already present in the local DB. Unknown addresses trigger immediate Etherscan fetches (crypto_check_db.py calls a syncer) or the convenience script will run sync_worker. Clarify whether you want those realtime network calls. - inspect requirements.txt before pip install to confirm third-party dependencies are trusted; review secure_key_manager.py to understand how it encrypts and stores your API key (where the passphrase comes from, PBKDF iterations, storage path ~ ~/.config/crypto-scam-detector/encrypted_keys.json). Make sure no hardcoded remote endpoints or backdoors exist in sync_worker.py or secure_key_manager.py. - The installer runs silently (redirects output), which is convenient but hides install-time errors; run install.sh interactively or inspect it first. If you plan to use this skill: 1) Audit secure_key_manager.py and sync_worker.py to confirm Etherscan (and any additional services like ChainAbuse) are the only external endpoints used and that keys are handled securely. 2) Ensure you are comfortable storing an API key on the host and with running a background worker (cron/systemd) that uses it. 3) Consider running the skill in an isolated environment (dedicated user account or container) until you confirm behavior. Because these inconsistencies could be innocent (sloppy docs) but also lead to unexpected network calls or key exposure, treat the package as suspicious until you confirm these points.