Hot Topics Daily

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly does what it says (fetch trending topics and format a Discord message), but there are unexplained or inconsistent pieces (an extra Python module that expects API keys not declared in the manifest, undocumented environment access, and a third‑party API host) that warrant caution.

What to consider before installing:

- The main Node script matches the description and only needs Node; it fetches data from the configured API base (https://60s.viki.moe/v2) and outputs a message for your agent to send to Discord. That behavior is coherent.
- There is an extra Python file (global_news_fetcher.py) that is not referenced in SKILL.md as requiring credentials but reads CURRENTS_API_KEY and GNEWS_API_KEY from the environment. If you have those keys in your environment, running this file (or an agent invoking it) would expose or use them. Ask the author why this module is included and whether it is used; remove or sandbox it if you don't need international news.
- The skill relies on a third-party API host (60s.viki.moe). Verify you trust that host and its content; the script parses and posts returned data without sanitizing more than simple truncation.
- The config contains a Discord threadId but no token; the script prints to stdout and depends on your agent/tooling to actually post to Discord. Confirm your agent's message-send behavior so it posts only to the intended destination.
- If you plan to run the Python module, ensure the Python runtime and the 'requests' library are installed, and consider running it in an environment without sensitive keys, or explicitly set and review any API keys you provide.
- If you want higher assurance, request that the maintainer: (1) remove or document the Python module and its env vars in SKILL.md, (2) declare any required env vars in the manifest, and (3) prefer well-known API endpoints or provide a clear privacy/security note about the third-party host.

Overall: functionally coherent for basic trending fetches, but the undocumented credential access and extra code file make this suspicious until clarified or tightened.

Static analysis

Potential exfiltration

Severity: Warn
Finding: File read combined with network send (possible exfiltration).

VirusTotal

No VirusTotal findings


Risk analysis

No visible risk-analysis findings were reported for this release.