AI慧记

This skill appears to implement meeting-transcript and share-link parsing functionality as described, but there are a few red flags to consider before installing: - The registry metadata claims no required environment variables, but all scripts require an appKey (XG_BIZ_API_KEY or XG_APP_KEY) and optionally XG_USER_TOKEN. Do not provide highly privileged credentials until you confirm what the appKey can access and whether it can be scoped or rotated. - The Python scripts disable TLS verification (requests(..., verify=False)) and suppress warnings. This weakens network security and could expose transcripts to interception on untrusted networks. Ask the publisher to remove verify=False or provide a documented reason and a proper CA bundle. - The skill writes transcript caches under .cache/huiji in the skill directory. These files may contain sensitive meeting text; ensure the execution environment's filesystem is trusted, encrypted if necessary, and that cache cleanup/retention is acceptable. - Confirm the backend domain (sg-al-ai-voice-assistant.mediportal.com.cn) and the expected issuer of the appKey/share links. If you don't recognize the service or cannot verify its privacy/legal terms, avoid providing credentials or using it for sensitive meetings. Recommended actions before use: request corrected manifest declaring required env vars and config paths; ask publisher to remove insecure TLS options or explain them; test with a low-privilege appKey and non-sensitive data; and review or periodically purge the .cache/huiji directory.