Provides a daily structured situation report and real-time risk monitoring for the Iran war that broke out in March 2026. Integrates multiple data sources, Jin10 Data MCP (real-time flash news plus market quotes), WebSearch/Jina web scraping and Tavily deep search, to generate geopolitical reports with credibility grading. **Core capabilities:** - **Multi-source data collection**: Jin10 MCP real-time flash news (keyword search, defaults to the full current day), Jin10 MCP market quotes...
Security Analysis
Medium confidence. The skill largely matches its stated purpose (collecting and aggregating Jin10 and online sources) but contains several incoherences: missing declared runtime dependencies/requirements, undeclared use of environment API keys, and a hard-coded Jin10 bearer token in the source code. Verify before use.
The name and description claim multi-source collection (Jin10 MCP, WebSearch/Jina, Tavily), and the bundled Python scripts do implement that. However, the skill metadata declares no required binaries or environment variables, while the runtime clearly expects Python plus third-party libraries (httpx, requests, pandas, tushare) and may use optional API keys (AlphaVantage, Tushare, Tavily). This mismatch between declared requirements (none) and actual needs is incoherent and will surprise users.
SKILL.md instructs the agent to run local scripts and to load local framework/template files (which are present). The scripts fetch data from multiple external endpoints (mcp.jin10.com, cls.cn, stooq.com, alphavantage, etc.) — appropriate for the stated purpose. However the scripts also read environment variables (ALPHAVANTAGE_API_KEY, TUSHARE_TOKEN) and the SKILL.md does not declare these or explain required credentials; that is an instruction-scope gap. There is no instruction that the agent should access unrelated local files or secrets, and no explicit exfiltration code, but the undocumented env-var access is concerning.
There is no install spec (instruction-only), yet the package bundles multiple Python scripts that import non-standard libraries (httpx, pandas, tushare). Without an install mechanism or declared required binaries, the skill assumes a prepared Python runtime with those packages available — an operational/integrity risk and an incoherence in packaging. This is a moderate risk (missing dependency management) rather than an explicit supply-chain download from unknown hosts.
The skill metadata lists no required env vars, but the code reads ALPHAVANTAGE_API_KEY and TUSHARE_TOKEN (used as optional fallbacks) and SKILL.md mentions an optional Tavily API key. Most importantly, jin10_mcp.py contains a hard-coded JIN10_AUTH_TOKEN (a bearer token string) embedded in the source. Embedding a bearer token in distributed code is unexpected and potentially sensitive: it may be a shared/public token, a leaked secret, or a credential that lets requests sent from the user's environment authenticate as someone else. The lack of declared env vars combined with the embedded credential is disproportionate and should be clarified.
Skill flags are default: always=false and user-invocable; it does not request persistent platform privileges or modify other skills. No auto-enablement or system-wide config changes are present in the files. This dimension is acceptable.
Guidance
Before installing or running this skill:
1) Ask the maintainer to explain the hard-coded JIN10_AUTH_TOKEN in jin10_mcp.py: is it an intentionally public/test token or a leaked secret? If it is sensitive, do not use that token; request a version that accepts the service token via a declared env var.
2) Expect to run these Python scripts: ensure you have Python and the required packages (httpx, requests, pandas, tushare). Ask for a clear install spec (requirements.txt or setup) and declared required binaries.
3) Provide your own API keys for AlphaVantage, Tushare or Tavily rather than relying on undocumented behavior.
4) Run the skill in an isolated environment (network-restricted VM or container) and monitor network calls if you must test it.
5) If you cannot verify the provenance of the Jin10 token, do not run the scripts against your environment, and rotate or replace any tokens that may have been exposed.
6) If you need higher assurance, request a minimal audit or a version with secrets removed and explicit dependency installation instructions.
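The two findings above (env vars read by the code but not declared in the skill metadata, and a secret-looking name bound to a long string literal) can be checked mechanically before anything is executed. The following is an added example, not code from the skill or from ClawHub: it parses every Python file in a skill directory with the standard `ast` module, collects the names passed to `os.getenv`, `os.environ.get` and `os.environ[...]`, diffs them against the set of env vars the skill declares (passed in as a parameter, since the metadata format is not shown on this page), and flags assignments such as `SOMETHING_TOKEN = "<long literal>"`. The sample script it audits is constructed inline with a placeholder token value; it is not the contents of the real jin10_mcp.py.

```python
"""Audit a skill package for undeclared env-var reads and hard-coded tokens.

Added example, not part of the ClawHub skill. Assumes a skill is a directory
of Python files; the declared env-var set is supplied by the caller because
the metadata format is not specified here.
"""
from __future__ import annotations

import ast
import re
import tempfile
from pathlib import Path

# Heuristic: a secret-looking name assigned a string literal at least this long.
SECRET_NAME = re.compile(r"(TOKEN|SECRET|API_KEY|PASSWORD|BEARER)", re.I)
MIN_SECRET_LEN = 16

# Constructed sample mirroring the pattern described in the analysis.
# The token value is a placeholder, not a real credential.
SAMPLE_SCRIPT = '''
import os
import httpx

# placeholder value, constructed for this example; not a real credential
JIN10_AUTH_TOKEN = "PLACEHOLDER_TOKEN_0123456789abcdef"
ALPHAVANTAGE_API_KEY = os.getenv("ALPHAVANTAGE_API_KEY")
TUSHARE_TOKEN = os.environ.get("TUSHARE_TOKEN", "")
headers = {"Authorization": "Bearer " + JIN10_AUTH_TOKEN}
'''


def env_reads(tree: ast.AST) -> set[str]:
    """Env-var names read via os.getenv(), os.environ.get() or os.environ[...]."""
    found: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and node.args:
            f = node.func
            is_getenv = isinstance(f, ast.Attribute) and f.attr == "getenv"
            is_env_get = (
                isinstance(f, ast.Attribute) and f.attr == "get"
                and isinstance(f.value, ast.Attribute) and f.value.attr == "environ"
            )
            if (is_getenv or is_env_get) and isinstance(node.args[0], ast.Constant):
                found.add(str(node.args[0].value))
        if (
            isinstance(node, ast.Subscript)
            and isinstance(node.value, ast.Attribute)
            and node.value.attr == "environ"
            and isinstance(node.slice, ast.Constant)
        ):
            found.add(str(node.slice.value))
    return found


def hardcoded_secrets(tree: ast.AST) -> list[tuple[str, int]]:
    """(name, line) for secret-looking names bound to a long string literal."""
    hits: list[tuple[str, int]] = []
    for node in ast.walk(tree):
        if (
            isinstance(node, ast.Assign)
            and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str)
            and len(node.value.value) >= MIN_SECRET_LEN
        ):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    hits.append((target.id, node.lineno))
    return hits


def audit_skill(root: Path, declared_env: set[str]) -> dict:
    """Cross-check every .py under root against the env vars the skill declares."""
    read: set[str] = set()
    hardcoded: list[tuple[str, str, int]] = []
    for py in sorted(root.rglob("*.py")):
        tree = ast.parse(py.read_text(encoding="utf-8"), filename=str(py))
        read |= env_reads(tree)
        hardcoded += [(py.name, name, line) for name, line in hardcoded_secrets(tree)]
    return {"undeclared_env": read - declared_env, "hardcoded": hardcoded}


def demo() -> dict:
    """Write the constructed sample into a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "jin10_mcp.py").write_text(SAMPLE_SCRIPT, encoding="utf-8")
        # The analysis reports that the metadata declares no env vars, hence set().
        return audit_skill(Path(d), declared_env=set())


if __name__ == "__main__":
    result = demo()
    for name in sorted(result["undeclared_env"]):
        print(f"undeclared env var read: {name}")
    for fname, name, line in result["hardcoded"]:
        print(f"hard-coded secret-like literal: {fname}:{line} {name}")
```

Run it against the unpacked skill by replacing `demo()` with `audit_skill(Path("path/to/skill"), declared_env={...})`, filling the set from whatever the skill metadata actually declares. Any name in `undeclared_env` is a credential the user must supply without being told; any entry in `hardcoded` is a literal to take up with the maintainer before the script is ever executed. The literal-length heuristic will miss tokens built by concatenation or loaded from a sidecar file, so treat an empty result as a reason to read the code, not as a clean bill.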
Latest Release
v1.2.0
Version 1.2.0
- Comprehensively expanded and refined the skill documentation, systematically covering multi-source data collection, flash-news scraping and market-data retrieval.
- Clarified the analysis framework and executable workflow, emphasizing strict objectivity and variable-weight judgement.
- Enforced strong constraints on report structure and output templates, including detailed sub-module requirements for action categories, scenario projections and per-instrument market sections.
- Explicitly added key indicators such as the ceasefire countdown, Israel independent-will monitoring and expiry-projection probabilities, strictly mapped to the analysis template.
- Flash news is now collected by a standalone jin10_flash script, replacing the former telegraph approach, for better stability and standardization.
- Improved risk-asset data fetching and fallback mechanisms, supporting more market categories for geopolitical-finance decision scenarios.
Published by @chinfi-codex on ClawHub