Description-Behavior Mismatch
Medium
- Confidence
- 97% confidence
- Finding
- The README states that all data is stored locally and will not be uploaded to third parties, but the same document says the skill uses Tavily API and can push reports to a Feishu webhook. This is a materially misleading privacy claim because monitored keywords, collected content, metadata, and generated reports may be transmitted to external services, causing users to underestimate data-sharing risk.
