Byted Las Document Parse

This skill generally appears to do what it says: call a LAS API to parse PDFs/images and optionally upload/download results via TOS. Before installing, consider the following: - Secrets required: you must provide LAS_API_KEY and (for local-file uploads) TOS_ACCESS_KEY / TOS_SECRET_KEY and a TOS_BUCKET. Only supply credentials you trust and prefer creating a dedicated, least-privilege LAS/TOS keypair and bucket for this skill. - env.sh auto-load: the skill auto-loads env.sh from the skill directory and from the current working directory (and a user-specified --env-file will forcibly overwrite env vars). Make sure there is no sensitive env.sh in the working directory that could be picked up accidentally (e.g., CI keys, cloud credentials). Prefer using a minimal env.sh containing only the keys needed for this skill. - Automatic triggers: SKILL.md says to trigger whenever the user shares a local path/URL/tos:// path. If you want explicit consent before parsing local files, disable automatic triggers in your agent or only invoke the skill manually. - Data flow: the skill downloads remote images, saves files to /tmp, creates ZIP archives, and may upload archives to your TOS bucket and generate presigned download URLs. Review who has access to the TOS bucket and the lifetime of presigned URLs. - Review permissions: give the TOS credentials only the permissions required to write the expected result key/prefix, and rotate keys if you stop using the skill. If you want to increase confidence further, you can: (1) inspect scripts locally (they are included) to verify behavior, (2) run the skill in an isolated environment/container, and (3) create dedicated minimal-permission API/TOS credentials for it.