Construction Mediation Kg

What to consider before installing: - API keys & external services: This skill optionally integrates with third‑party legal AI providers (dashscope / 通义法睿, 智谱). You will need to provide DASHSCOPE_API_KEY / ZHIPU_API_KEY for those features. Any case text or evidence you send to those APIs will leave your environment — redact or avoid sending sensitive personal/company data unless the provider and contract meet your privacy/compliance needs. - Manifest inconsistency: The registry metadata does not declare required env vars, but the SKILL.md and code expect them. Ask the publisher to update manifest to list optional/required credentials so you can assess permissions before enabling the skill. - Third‑party packages: The skill recommends pip installing dashscope. Treat PyPI dependencies as a moderate risk — verify the dashscope package's provenance, pin specific versions, and install in an isolated/ephemeral environment (virtualenv / container) if possible. - Local data storage: The skill writes case and evidence files to local directories (./case_data, ./evidence_data). Ensure these directories are placed where you want persistent data stored, consider disk encryption, access controls, and purge policies for sensitive case files. - Code review & trust: Source files are included and largely human-readable. If you plan to use the integration features, review farui_integration.py (and other modules) and test calls with non-sensitive sample data. Prefer disabling external provider integration if you need strictly local-only operation. - Recommended mitigations: run in isolated environment, require explicit consent before sending real case data to external APIs, confirm dashscope provider's data retention policy, and request the publisher to declare env vars in the registry and to provide a minimal reproducible install spec (including pinned dependency versions).