Deals Hunter

The skill generally matches a deals-aggregation purpose, but it has several mismatches (hard-coded user paths, undeclared/mismatched env vars, and implicit Discord push behavior) that are unexplained and warrant caution before installing.

This skill is plausible for gathering deals, but take precautions before installing: 1) Inspect and edit the script to remove or parameterize hard-coded paths (/Users/xufan65/...) so it uses your workspace or a configurable path. 2) Confirm and provide the correct Tavily env var(s) — the code expects TAVILY_API_KEYS (comma-separated) or TAVILY_API_KEY, but the SKILL metadata only mentions one name; standardize this. 3) The workflow mentions posting to Discord (channel IDs) but does not declare any webhook/token env vars — locate where the script sends Discord messages and ensure you supply a webhook or bot token via a properly named env var (and never paste it publicly). 4) Review network endpoints used (https://api.tavily.com/search, smzdm feeds, manmanbuy links) and confirm you trust them. 5) Run the script in a sandbox or with dry-run logging first to verify it only accesses expected files and endpoints. 6) If you lack trust in the author, avoid giving it access to sensitive directories or credentials; prefer to run a copy you’ve inspected and modified rather than installing it as-is.