1688-product-to-ozon

This skill appears to implement exactly what it claims (mapping 1688 items and uploading them to Ozon using Ozon + AlphaShop APIs), but pay attention to these points before installing or providing secrets: - Metadata mismatch: The registry metadata states no required env vars, but the SKILL.md and scripts require OZON_API_KEY, OZON_CLIENT_ID and ALPHASHOP_ACCESS_KEY/ALPHASHOP_SECRET_KEY. Do not trust the registry summary alone—use the SKILL.md and code to understand requirements. - Secrets: The skill needs real API keys. Only provide keys you trust and consider using keys with limited scope/permissions. Do not reuse high-privilege/long-lived account credentials if avoidable. - Where credentials are stored: The README/SKILL.md suggests storing Ozon keys in ~/.openclaw/skillconfig/... and AlphaShop keys in the OpenClaw skill env. Confirm how your OpenClaw runtime persists those values and who/what can read them. - Review code before running: The Python scripts are readable and call only the documented endpoints, but you should still review (or run in an isolated environment) to ensure they behave as expected and to install the listed dependencies (requests, PyJWT) from trusted registries. - Operational note: There's no install spec; ensure dependencies are installed and that your runtime environment is isolated (e.g., container or VM) in case you want to limit blast radius. If you need higher assurance, ask the author to update the registry metadata to list required env vars, provide a homepage/source repo, and provide an install spec (or a vetted package) so you can better evaluate provenance. If you cannot verify the author or service (AlphaShop), treat the skill as untrusted and avoid supplying production credentials.