alphashop-sel-product-search

What to check before installing/using this skill: - Source verification: The skill's source/homepage is missing. Confirm the publisher and that alphashop.cn is a legitimate service you trust before supplying API keys. - Credentials: The SKILL.md and README require ALPHASHOP_ACCESS_KEY and ALPHASHOP_SECRET_KEY, but the registry metadata incorrectly lists no required env vars — treat this as a metadata bug and assume the skill will read those env vars or accept them via CLI. Do not reuse high-privilege keys: create a scoped/test key if possible. - Dependencies: The included Python script uses requests and PyJWT but the skill does not declare dependencies. Install dependencies in an isolated environment (virtualenv) and review the script locally before running. - Logging of inputs: The script prints the full request payload to stdout (including userId and search parameters). Avoid putting secrets into fields that get printed; rotate keys if exposed to logs. - Network calls: The script makes outbound HTTPS POSTs to api.alphashop.cn. If organizational policy restricts external calls, block or review the endpoint. Consider testing with a network sandbox or verifying the endpoint's TLS certificate and ownership. - Inconsistencies: Ask the maintainer to (1) correct registry metadata to list required env vars and dependencies, (2) provide a homepage/source repository, and (3) confirm the correct process for obtaining API keys. Because of the metadata/dependency inconsistencies and missing source, treat this skill as suspicious until the publisher/source and required environment/dependency declarations are clarified.