French Business Analyser

What to consider before installing: - Privacy: the hosted endpoint will receive SIREN/VAT numbers and (if you use it) invoice text and IBANs. For confidential invoices or sensitive payment identifiers, prefer self-hosting and audit the repository before sending data to the hosted service. - Consent gate: the SKILL.md relies on the agent to block paid-tool calls until the user consents. Verify your agent enforces that consent flow; otherwise you could incur charges or leak data. - Verify the hosted endpoint and source: the README points to a Railway URL and a GitHub repo. Confirm the repo is the exact source of the hosted service (watch for forks or typosquatting) and review .env.example to see what server operators must provide. - Third parties: the server uses Anthropic for synthesis and may contact official registries; server operators will hold Anthropic and registry API keys. Understand their privacy policy and how they handle traveler data (logs, telemetry). - Payments: the service supports x402 (USDC on Base) and Stripe MPP; confirm billing behavior and that no wallet private key is required on the agent side (the docs claim verification-only). - If you lack resources or trust: self-host via the provided Docker instructions, supply your own INSEE/Anthropic keys, and run the service in your environment. That gives the strongest control and makes the skill's claims verifiable. Overall: the skill appears coherent for its stated purpose, but the main risk is that sensitive business documents/identifiers will be sent to a third-party hosted server. If you plan to process confidential invoices or payment info, audit or self-host before use.