Siluzan Tso

What you should consider before installing: - The skill is instruction-only and matches its ad-management/reporting description, but its runtime steps assume access to a 'siluzan-tso' CLI, Node, and a TSO API token/config — none of which are declared in the registry metadata. Ask the publisher to document exactly which binaries and environment variables (or config files) the skill will use, where tokens are stored, and which network endpoints will be contacted. - The SKILL.md requires the agent to execute CLI commands on your behalf and forbids exposing those commands to you (except login). That means the agent could perform account-level changes (bind/unbind, open/close, invoice actions) without you seeing the exact commands. Only proceed if you trust the operator and can audit actions (logs, command history, or an approval workflow). - Confirm whether the 'siluzan-tso' CLI is already installed by your operator or whether installing it is required (and, if so, obtain a vetted install source). Verify token handling: prefer short-lived tokens, explicit scopes, and audit logs; avoid providing full account/owner credentials unless necessary. - The HTML report templates reference external CDNs (Google fonts, jsdelivr, echarts); if you render generated HTML, that may cause outbound network requests. If you need offline or sensitive reporting, require local assets or whitelist domains. - If you want to proceed: request (1) a minimal list of required binaries and env vars, (2) the exact endpoints/tsoApiBaseUrl the skill calls, (3) a description of what account operations the agent will perform, and (4) an audit/logging mechanism or manual approval step for destructive actions. Without that information, treat the skill as suspicious and avoid granting it account credentials or blanket execution privileges.