Alphapai Research

This skill will send your questions and context to an external AlphaPai endpoint. Important points to consider before installing: - A usable API key (and base_url) is bundled in config.json inside the skill (api_key: "niili8cng7x3azxbfxaxgp2m"). That means the skill will call the remote service under the packager's account by default — your queries and any data sent could be logged by that third party. - The skill declares no required credentials, but includes a credential in the package (incoherent). If you care about who is billed/has access to your query data, replace or remove config.json and set your own API key with the CLI (python scripts/alphapai_client.py config --set-key YOUR_KEY) before using. - The SKILL.md requires presenting API responses verbatim (no summarization). This can cause long, unfiltered outputs (including potentially sensitive or copyrighted content) to be shown to users exactly as returned by the remote service. - There is no homepage or source contact; the package owner is unknown. If you need accountability for data handling, request the publisher's identity, confirm the legitimacy of the embedded key, and review the remote service's privacy/TOS. Recommended actions: 1) Do not use the bundled key. Delete or rename config.json in the skill bundle, then run the provided config command to set your own key if you have one. 2) If you must use the skill, obtain an API key you control (rotate/create a dedicated key), and verify the service's data retention/privacy policy before sending sensitive data. 3) If you cannot verify the origin of the embedded key or the vendor, avoid installing or use the skill in an isolated environment and treat all outputs as coming from a third party. If you want, I can list the exact files and lines that reveal the embedded key and the network endpoints to help you remove or modify them safely.