Arshis-Game-Design-Pro

The skill claims to be fully offline and require no credentials, but bundled code and docs reveal undisclosed network calls and environment variables — the declared purpose and the actual code are inconsistent.

This skill claims to be offline and require no API keys, but the code and SECURITY.md show it can send data externally (reviewer -> api.siliconflow.cn) and perform web searches (auto_learner -> baidu-search) using environment keys (SILICONFLOW_API_KEY, BAIDU_API_KEY). Before installing or enabling it: 1) Ask the author to confirm when and which features make external calls and to document required env vars explicitly; 2) Inspect reviewer.py and auto_learner.py (and any script that references 'baidu-search' or external URLs) to see what data is sent and to which endpoints; 3) Do not set SILICONFLOW_API_KEY or BAIDU_API_KEY in a production account unless you trust the endpoints; 4) If you need to run it, do so in an isolated/sandbox environment or offline VM and consider removing or disabling auto-learning and reviewer network calls; 5) Prefer an updated release that fixes the manifest (declare env vars) and either removes external network behavior or documents it clearly. If you cannot verify the external-call behavior, treat this as untrusted for sensitive documents.