alphashop-image

This skill appears to be a genuine AlphaShop image-processing client, but there are a few things to check before installing: - Keys required: The script and SKILL.md require ALPHASHOP_ACCESS_KEY and ALPHASHOP_SECRET_KEY. The public registry metadata did NOT declare these — ask the publisher to update the manifest to list required env vars and a primary credential so you know what will be requested up front. - Trust and billing: Supplying the keys lets the skill call the external API and may incur charges. Only use keys you obtained from the official AlphaShop site and consider using limited/billing-restricted credentials if possible. Monitor usage and rotate keys if you stop using the skill. - Data privacy: Images you send (via public URLs) will be fetched/processed by api.alphashop.cn. Do not send sensitive or private images unless you have verified the service's privacy and retention policies. - Endpoint sanity check: The code posts to https://api.alphashop.cn — verify this domain and the service documentation yourself before providing credentials. - Manifest inconsistency: Because the registry metadata omitted required env vars, treat this as a quality/control issue. If you rely on automated policy checks or least-privilege reviews, ask the publisher to fix the manifest to declare ALPHASHOP_ACCESS_KEY and ALPHASHOP_SECRET_KEY and to set primaryEnv accordingly. If you need higher assurance, request an explanation from the publisher about the manifest omission and confirm the service's billing/privacy terms; otherwise this skill is functionally coherent but the metadata omission is a red flag worth resolving.