PPSPY: Shopify spy for dropshipping & shopify sales tracker tool

The skill's declared purpose, required API key, and runtime instructions are internally consistent: it uses the PPSPY API and requires an API key and npm to install/run the ppspy MCP server — but it installs and runs a third‑party npm package on the host, which carries moderate risk and is worth reviewing before use.

This skill appears to do what it claims, but it installs and runs a third‑party npm package (ppspy-mcp-server) on your machine and will use your PPSPY_API_KEY. Before installing: 1) verify the npm package and its publisher (review source code on GitHub or the package page), 2) avoid global installs if you can—use a container, VM, or a non-global virtual environment, 3) limit and monitor the API key (use a key with least privilege and rotate it if needed), and 4) review network/egress controls if you are concerned about a background process communicating externally.