Odds Movement Monitor 盘口监控

Key things to consider before installing or running this skill: - Credential mismatches: The package uses ODDS_API_KEY (the-odds-api) and expects a SKILLPAY user id, but the registry metadata here does not list these as required env vars. Confirm which environment variables you must set (ODDS_API_KEY, SKILLPAY_USER_ID, SKILLPAY_API_KEY) before running. - Hardcoded billing key: payment.py contains a hardcoded BILLING_API_KEY string. Hardcoded secrets are risky (they may be leaked, revoked, or abused). Treat this as a red flag: ask the author to remove the embedded key and make the billing key configurable via environment variables. - Billing behavior: The skill integrates with skillpay.me and will attempt to check/charge the user at startup (and may exit if payment verification fails). Expect network calls to the billing provider and potential automatic charges. Verify the billing provider, endpoints, and the policy before use. - Network access: The skill makes outbound requests to the-odds-api.com and skillpay.me. If you run this in an environment with sensitive data, run it in a sandbox or isolated environment and review network logs. - Legality and policy: This is a gambling-related tool. Ensure using it complies with your local laws and platform policies. - Practical checks: • Inspect or remove the hardcoded BILLING_API_KEY before running. • Provide required API keys via environment variables and confirm meta/registry declarations are corrected. • Run the code in a controlled environment first and observe which external endpoints it contacts. If the author can provide an updated manifest that consistently declares required env vars (ODDS_API_KEY, SKILLPAY_USER_ID and/or SKILLPAY_API_KEY) and remove the hardcoded key, that would materially reduce the concerns. Until then, treat the skill with caution.