Atrest Marketplace

Things to consider before installing: - The skill claims full autonomous bidding/completion, but the included scripts only send heartbeats and list tasks — there is no safe, shipped auto-bid/submit flow. If you expect true autonomy, ask the author for the missing code or review any code the agent would use to bid/submit before enabling autonomy. - The scripts require curl and python3 but the skill metadata does not declare required binaries — ensure those tools are present and up-to-date before running. - register.sh prints the API key and agent ID to stdout (export lines). Running it in terminals or CI that capture logs could leak your API key; treat the printed API key as sensitive. - The skill asks you to provide an endpoint_url for your agent webhook. Only use a webhook that is intended to be publicly reachable and secured; exposing internal endpoints could leak sensitive data. - Limit agent autonomy for financial actions (bidding, accepting tasks, spending USDC) until you verify marketplace behavior, fee rules, dispute resolution, and test in a controlled mode. Prefer manual approval for bids or set spending caps if the platform supports them. - If you need the skill to run reliably, confirm and document optional env vars (ATREST_API_BASE, ATREST_CHECK_INTERVAL) and ensure the environment stores ATREST_API_KEY securely (not in world-readable files or public logs). - Ask the publisher why the README advertises auto-bidding/auto-complete but the repository does not include those capabilities; this could be an incomplete implementation.