Epo Patent Intelligence

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's files and runtime instructions broadly match a patent-monitoring/reporting tool, but there are multiple inconsistencies and risky items (missing declared credentials, hard-coded tunnel token, and system-level automation instructions) that require careful review before installing or running it.

This package contains a full monitoring/analysis system that will fetch EPO data, generate HTML dashboards, and run background automation. Before installing or running it:

- Do not run scripts as root without auditing them first. Many scripts perform pkill, crontab edits, write system files (logrotate), or start long-running tunnels.
- Treat EPO_CONSUMER_KEY and EPO_SECRET_KEY as required secrets even though the registry metadata omits them. Provide them only after you verify the code will use them only for EPO OPS API calls.
- The repository contains a hard-coded Cloudflare TUNNEL_TOKEN in the docs; verify who controls hermes.sqncr.ai and rotate or remove any embedded token before use. Do not reuse that token.
- Review scripts that start cloudflared and expose port 8080; exposing local dashboards to an external host can leak internal data. Consider running the server locally behind a VPN or in an isolated environment if you must test.
- Because dependencies are not declared, inspect requirements (requests, cloudflared, etc.), run in a contained environment (container or VM), and pin package versions before installing.
- If you plan to use the LLM analysis features, confirm what patent text will be sent to the LLM service and whether that complies with your data-sharing policy.

If you want, I can: (a) list the exact places in code where credentials and external endpoints are referenced, (b) extract the lines that contain the hard-coded tunnel token and other absolute paths, or (c) produce a safe minimal checklist to run the skill in an isolated container.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings

Risk analysis

No visible risk-analysis findings were reported for this release.