binance-square-skill

This skill appears coherent with its purpose, but review these practical safety points before running: - Review the included code (scrape-square.mjs and send-telegram.mjs) yourself — they are the only executable files and are readable (no obfuscated code was found). - COINGLASS_BASE: only provide an API base URL you trust. If you point this to a third-party proxy, that proxy will receive all coinglass queries and any API key you include there may be exposed. - Telegram creds: TG_BOT_TOKEN and TG_CHAT_ID are sensitive (bot token grants message-sending power). Only set them if you trust the skill and the host environment. Prefer creating a dedicated bot and chat for testing. - Network activity: the scraper launches Puppeteer and intercepts internal Binance API responses. This generates web traffic to Binance and to your COINGLASS_BASE and to api.telegram.org. If you need to limit exposure, run inside an isolated environment (container or VM) or inspect network traffic first. - Installation: npm install will pull puppeteer-core and its transitive deps. Ensure you run this in a controlled environment and have compatible Node/Chrome versions (or set CHROME_PATH). - Legal/ToS: scraping undocumented internal APIs may violate Binance terms of service; consider legal/compliance implications before automated runs. - Testing: use the provided test modes (e.g., send-telegram.mjs --test and smaller --scrolls values) to validate behavior before full runs. If you want extra caution: run the skill in a disposable container, avoid supplying long-lived or high-privilege credentials, and point COINGLASS_BASE to your own proxy that you control so you can audit requests.