capture-alphapai-unified

SUSPICIOUS: the overall purpose is coherent with an AlphaPai research skill, and public evidence suggests AlphaPai is a real first-party product. However, the skill asks for both API keys and raw web credentials, may persist secrets locally, and relies on unseen local setup/client scripts with undocumented endpoint behavior. No clear third-party exfiltration or overtly malicious behavior is shown, but install trust and credential handling are only partially verifiable.