TinyFish Web Agent

This skill appears to do what it says: send scraping requests to TinyFish using a TINYFISH_API_KEY. Before installing, consider the following: - Confirm the credential mismatch: the SKILL.md and script require TINYFISH_API_KEY, but the top-level metadata omitted it. Ask the publisher to correct the manifest or explain why it's missing. - Data exfiltration risk: scraped pages (HTML, form responses, etc.) are sent to agent.tinyfish.ai. If you intend to scrape pages that contain sensitive data (credentials, PII, private endpoints), do not use this skill unless you have explicit permission and trust the TinyFish service and its privacy/security controls. - Legal/ethical risk: the 'stealth' browser_profile and proxy options explicitly enable evading bot protections and geolocation restrictions. Using those features can violate site terms of service or local law—review the target site's terms and applicable law before use. - Verify publisher/trust: the Source is unknown; check the homepage, documentation, and publisher identity (owner ID) before entrusting API keys. Prefer storing API keys in secure vaults rather than in plaintext files; if using the suggested Claude-specific settings file, be aware that file-level storage may expose secrets to other local processes. - If you need confidentiality, consider running your own scraper or a self-hosted alternative so scraped data never leaves your environment. If the publisher provides more information (official docs, privacy/security policy, or an updated registry manifest that includes the TINYFISH_API_KEY requirement), re-evaluate — that could raise confidence toward 'benign'.