Tiktok Trend Slayer

This skill appears to do what it says: it calls EchoTik and (optionally) TikTok Shop APIs and writes reports to a local output directory. Before installing or running it: - Verify the publisher/source: check the referenced GitHub repo (SKILL.md lists a repo URL) and inspect the files there to confirm authenticity. The package's top-level registry metadata omitted required env vars — confirm the repo and packager. - Treat credentials as sensitive: only provide ECHOTIK_AUTH_HEADER and TikTok tokens that are least-privileged or short-lived. Do not paste long-lived master secrets into an environment used for other things. - Review network endpoints: the script calls https://open.echotik.live and https://api.tiktokshop.com. If you do not trust those endpoints or the third-party EchoTik service, do not provide credentials. - Run in a sandbox/isolated environment first: execute the script with dummy or read-only credentials and inspect created output files before granting real credentials. - Inspect outputs: reports include raw API JSON responses; they may contain PII or business-sensitive data. Do not publish outputs without review. - If you are concerned about automatic runs, restrict agent autonomy (prevent background/autonomous invocation) or set up monitoring and rotate tokens after use. If you want, I can: (1) fetch and summarize the GitHub repo contents, (2) point out exact lines where credentials are used, or (3) suggest a minimal test command that uses no real credentials so you can validate behavior safely.