RSS-Brew

This package appears to implement the RSS-Brew pipeline described, but there is an important mismatch you should address before installing: the code and README require LLM/context API keys (DEEPSEEK_API_KEY and optionally TAVILY_API_KEY), yet the skill metadata declares no required environment variables. Practical steps and cautions: - Do not supply API keys unless you trust the code and the external services (DeepSeek/Tavily). Review the phase_a_score and Tavily client files to confirm where keys are used and what endpoints are contacted. - The CLI will run Python scripts that fetch arbitrary RSS URLs and call external LLM/context APIs and will write run artifacts to the data-root (default: /root/workplace/2 Areas/rss-brew-data). Point data-root to an isolated directory if the default might contain sensitive data. - The skill bundle includes a pyproject/requirements but no automated install; create and use the recommended venv in the skill directory and install dependencies before running. The CLI prefers /root/.openclaw/.../venv/bin/python; if that venv is missing it will fall back to system Python which may lack dependencies and could alter behavior. - If you only want to inspect behavior, use dry-run and the '--mock' flags where available to avoid outbound LLM calls and to exercise the pipeline without sending data to third-party APIs. - If you need more assurance, perform a code review of the included scripts (phase_a_score, phase_b_analyze, tavily_client, fetch_rss) and run in a network-restricted environment or sandbox to observe outgoing connections. Given the undisclosed requirement for API keys in the manifest, treat this skill as suspicious until you confirm and control the external credentials and endpoints.