Topic Monitor

Name/description match the implementation: the package is a Python-based topic monitor that performs scheduled searches, scores results, stores local state, and queues alerts for agent delivery. Required binary (python3) and optional env vars (TOPIC_MONITOR_TELEGRAM_ID, TOPIC_MONITOR_DATA_DIR, WEB_SEARCH_PLUS_PATH, plus optional search-provider keys) are proportionate to the described functionality. There are no unrelated credentials (AWS, GitHub tokens, etc.) requested.

SKILL.md instructs running the included Python scripts, setting up cron, and optionally providing search-provider keys. The runtime instructions and code operate on local files (config.json, .data/) and call a local/partner 'web-search-plus' script via subprocess; they do not perform direct HTTP calls themselves. One minor mismatch: SKILL.md/promos say 'Memory Integration' and referencing past conversations, but the code shown only reads its own local state and has hooks to external skills (e.g., personal-analytics) rather than directly accessing an agent's conversation history — verify how 'memory' is implemented in your agent environment if that matters to you.

There is no remote install/download step defined (no install spec). The skill is executed as Python scripts shipped with the skill; no external arbitrary downloads or extracted archives are present in the provided files. This is low-risk from an install mechanism perspective, assuming you trust the included source files.

The skill declares no required secrets and only a small set of optional env vars for delivery (Telegram chat id), data directory, and the path to the web-search-plus script. The code forwards only an allowlisted set of env vars to the search subprocess (PATH, HOME, LANG, TERM, and explicit search API keys). This is reasonable for the stated purpose. Recommendation: only provide search-provider API keys and messaging credentials you trust and scope appropriately. Also note SMTP credentials are stored in config.json examples (not env vars) — review where you store sensitive email credentials.

Skill does not request always:true and runs only when invoked or scheduled. It writes state and queue files under a configurable .data/ directory inside the skill (TOPIC_MONITOR_DATA_DIR), which is expected. The setup_cron.py may add cron jobs to the user's crontab for scheduling — inspect that script before running to confirm desired cron behavior. The skill only modifies its own files and does not attempt to alter other skills' configs.