alphashop-sel-newproduct

What to consider before installing: - Metadata/documentation conflict: The skill's registry entry declares no required environment variables, but SKILL.md/README/QUICKSTART and the Python script require ALPHASHOP_ACCESS_KEY and ALPHASHOP_SECRET_KEY and use them to sign a JWT. Also references/api.md has an incorrect statement '无需鉴权' (no auth) which contradicts other parts. Treat this inconsistency as a warning sign and ask the publisher to correct/clarify. - Verify the endpoint and publisher: Confirm that https://api.alphashop.cn is the legitimate service you expect and that the skill author (owner ID) is trustworthy. If the source is unknown, run network calls in an isolated environment before providing real credentials. - Secrets handling: The script signs a JWT locally with your SecretKey and sends it to the API. Do not paste production/privileged keys until you trust the endpoint. Prefer creating limited-scope/test API keys if possible. - Inspect and test safely: Review scripts/selection.py locally, run it with dummy or test credentials, and monitor outbound network traffic to confirm it only contacts api.alphashop.cn. Consider running inside a sandbox or container. - Ask for fixes: Request that the publisher update the registry metadata to declare required env vars and resolve contradictory documentation. If they cannot explain the discrepancy, avoid using the skill with sensitive credentials. If you want, I can extract and summarize the exact places where docs disagree and produce suggested text for the publisher to fix the metadata and docs.