Earnings Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code and its instructions are inconsistent: the code executes another skill's script and remote node commands and contains hard-coded API keys, none of which is proportionate to the stated install-less, instruction-only description.
This skill is suspiciously inconsistent and should be treated cautiously. Specific concerns:
- Do not trust the bundled config.py keys: it contains hard-coded API keys (Notion and Google) and an absolute path. Those look like leaked secrets; do not use them. Replace them with your own credentials stored in a secret store or environment variables.
- The SKILL.md does not document several runtime behaviors: the code may pip-install packages, call the OpenClaw CLI to invoke a remote node (MacBook-Home), and execute another skill's script at /root/.openclaw/skills/obsidian-scout/scripts/librarian.py. Confirm you expect those actions before installing.
- The skill makes network calls (Notion API, Google Gemini via curl) and will send data (reports and possibly metadata). If you intend to keep reports private, verify exactly what is transmitted and remove any hard-coded keys.
- The skill references Telegram alerts, but the shipped config lacks Telegram credentials; confirm how alerts are configured and whether any other secrets are required.
- Recommended actions before installing: (1) get the skill source from a trustworthy repo or author (there is no homepage); (2) remove hard-coded keys and supply credentials via declared environment variables or secure prompts; (3) inspect the obsidian-scout/scripts/librarian.py file that this skill will execute; (4) run the skill in a sandboxed environment or container first; and (5) rotate any real API keys that appear in the included config.py if you previously used them.
Given the mismatches between documentation and code and the cross-skill/remote invocation behavior, only install after you (or a trusted admin) have audited and fixed the config and execution behavior.
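A pre-install audit of the kind recommended above can be scripted. The following is an added example written for this page; it is not the scanner that produced this report and not code from the Earnings Monitor skill. Its detection rules are heuristics chosen for illustration (credential-looking assignments, absolute home paths, pip at runtime, an openclaw CLI call, references into another skill's directory, curl/requests network calls), and it checks each hit against SKILL.md to flag behaviour the documentation never mentions. The sample skill it writes to a temporary directory is constructed to mirror the findings on this page: the key values are placeholders, not real credentials, and the OpenClaw command-line arguments are a placeholder, not the tool's real syntax.

```python
"""Pre-install audit of a skill directory for undocumented or dangerous behaviour.

Added example for this page; not the report's own scanner and not part of the
Earnings Monitor skill.  RULES are illustrative heuristics, and SAMPLE_FILES is a
constructed skill with placeholder keys and a placeholder openclaw command line.
"""
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# (label, per-line regex, keywords whose presence in SKILL.md counts as documenting it)
RULES = [
    ("hard-coded credential",
     re.compile(r'^\s*\w*(?:KEY|TOKEN|SECRET|PASSWORD)\w*\s*=\s*["\'][^"\']{16,}["\']', re.I),
     ("api key", "credential", "environment variable")),
    ("absolute path", re.compile(r'["\'](?:/root|/home|/Users)/[^"\']+["\']'),
     ("/root", "/home/", "/users/")),
    ("pip install at runtime", re.compile(r'\bpip3?\b.*\binstall\b'), ("pip",)),
    ("OpenClaw CLI invocation", re.compile(r'["\']openclaw["\']'), ("openclaw", "remote node")),
    ("network call", re.compile(r'\bcurl\b|requests\.(?:get|post)|urlopen'), ("network", "http")),
]
# Captures the skill name in a path under the shared skills directory; a name other
# than the skill under audit means the code reaches into another skill's files.
OTHER_SKILL = re.compile(r'/\.openclaw/skills/([\w-]+)/')

# Constructed sample skill: placeholder keys and a placeholder openclaw argument list.
SAMPLE_FILES = {
    "SKILL.md": """\
# Earnings Monitor
Instruction-only skill; nothing to install.
Sends the finished report to Notion over the network.
""",
    "config.py": """\
NOTION_API_KEY = "secret_CONSTRUCTED_placeholder_000000"  # constructed, not a real key
GOOGLE_API_KEY = "AIzaCONSTRUCTED_placeholder_00000000"   # constructed, not a real key
VAULT_PATH = "/root/.openclaw/skills/earnings-monitor/vault"
""",
    "scripts/run.py": """\
import subprocess
from config import GOOGLE_API_KEY
subprocess.run(["pip", "install", "notion-client"])
subprocess.run(["python3", "/root/.openclaw/skills/obsidian-scout/scripts/librarian.py"])
subprocess.run(["openclaw", "<constructed-remote-node-args>", "MacBook-Home"])
subprocess.run(["curl", "-s", "-H", "x-goog-api-key: " + GOOGLE_API_KEY, "https://example.invalid/gemini"])
""",
}


@dataclass(frozen=True)
class Finding:
    path: str         # file, relative to the skill root
    line: int
    label: str
    documented: bool  # True when SKILL.md mentions the behaviour
    snippet: str


def audit_skill(skill_dir: Path) -> list[Finding]:
    """Scan every file except SKILL.md and report rule hits, noting which are documented."""
    skill_dir = Path(skill_dir)
    skill_md = skill_dir / "SKILL.md"
    doc = skill_md.read_text().lower() if skill_md.exists() else ""
    findings: list[Finding] = []
    for file in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        if file.name == "SKILL.md":
            continue
        rel = file.relative_to(skill_dir).as_posix()
        for lineno, text in enumerate(file.read_text(errors="replace").splitlines(), 1):
            for label, rx, keywords in RULES:
                if rx.search(text):
                    findings.append(Finding(rel, lineno, label,
                                            any(k in doc for k in keywords), text.strip()))
            m = OTHER_SKILL.search(text)
            if m and m.group(1) != skill_dir.name:  # own-skill paths are not cross-skill access
                findings.append(Finding(rel, lineno, "references another skill's files",
                                        "other skill" in doc, text.strip()))
    return findings


def write_sample_skill(root: Path) -> Path:
    """Materialise the constructed sample skill under root and return root."""
    for rel, body in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return root


def demo() -> list[Finding]:
    """Audit the constructed sample skill in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_skill(write_sample_skill(Path(tmp) / "earnings-monitor"))


if __name__ == "__main__":
    for f in demo():
        status = "documented" if f.documented else "UNDOCUMENTED"
        print(f"{f.path}:{f.line} [{f.label}] ({status}) {f.snippet}")
```

Run it against a real skill with `audit_skill(Path("/path/to/skill"))` before installing. On the sample it reports eight findings, and only the network call is documented in SKILL.md; everything else (both keys, the absolute paths, pip at runtime, the openclaw call, and the reach into obsidian-scout) is undocumented, which is exactly the documentation/code mismatch that makes a skill untrustworthy. Treat a clean run as necessary, not sufficient: the regexes catch the obvious patterns and nothing obfuscated, so the manual review of any executed script still applies.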
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
