Dangerous exec
- Finding
- Shell command execution detected (child_process).
Security checks across static analysis, malware telemetry, and agentic risk
The skill's files and runtime instructions do not match its stated purpose: there are unrelated Node scripts, hardcoded third‑party credentials, undeclared external network endpoints and payment flows, and missing dependency declarations — review before installing.
Do not install or enable this skill without manual review. Specific concerns:
- The bundle contains unrelated Node and browser-automation scripts (order hunting, login automation) that are not mentioned in the SKILL.md.
- Hardcoded credentials for an external site are included in the code — this could be used to access a third‑party account or leak data.
- Two Python scripts call an external domain (1257964133-2ejbwpe7le.ap-shanghai.tencentscf.com) implementing order/payment logic; the README does not disclose this network interaction or what data is sent.
- The SKILL.md only installs Python deps but many files require Node, puppeteer, and other binaries which are not declared — missing dependencies or hidden execution paths.
What to do before proceeding:
1. Ask the author for a public homepage, source repo, and rationale for the node/automation components.
2. Inspect the external server API (who controls it?) and the exact data sent by create_order.py/service.py. Do not provide secrets if you cannot verify the operator.
3. Remove or replace hardcoded credentials; never run code that contains unknown account credentials.
4. If you want to test, run only in a tightly sandboxed environment (no network or limited network), and deny access to internal messaging channels until you validate behaviour.
5. Prefer a version that documents all dependencies (node/pnpm/npm, chromium) and documents exactly what will be sent to external endpoints and why.
If you cannot verify these items, treat the skill as untrusted.
No VirusTotal findings
No visible risk-analysis findings were reported for this release.