shop-review-generator

The skill contains significant security vulnerabilities, including a hardcoded AMap API key and logic that explicitly disables SSL certificate verification in `scripts/amap_poi.py`. While the skill's stated purpose is to generate 'human-like' reviews to bypass platform detection (astroturfing), which is ethically questionable, there is no clear evidence of intentional malware, data exfiltration, or system compromise. The image conversion script `scripts/convert_heic.py` uses `subprocess.run` with argument lists, which mitigates common command injection risks.