Wine Archive

The skill appears to be what it says: a local, SQLite-backed personal wine archive with optional LLM and Telegram integration; there are minor metadata/instruction mismatches to review but nothing that indicates malicious intent.

This skill appears to be a straightforward local wine archive. Before installing, consider: 1) Inspect setup.sh—it runs npm install and may build native modules (better-sqlite3/prebuild-install downloads are normal for native packages). Run it in an environment you control. 2) Node >= 22 is required; the registry metadata did not declare this—make sure your runtime meets it. 3) Telegram features require the OpenClaw CLI and a configured Telegram bot; those are optional but not declared as required binaries. 4) The skill writes a SQLite DB and copies images to data/wine/labels (default path) and appends to data/wine/audit.log — back up any existing data and review WINE_DB_PATH if you want a custom location. 5) LLM features are optional and require you to add ANTHROPIC_API_KEY or OPENAI_API_KEY to a .env; do not provide keys unless you want cloud LLM classification. 6) Export/Import can embed images as base64 in a single JSON file (sensitive data) — be careful sharing exports. If you want extra caution, run the setup and npm install inside a disposable container or VM and review the contents of setup.sh and any scripts before executing them.