1688 Distribution
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill fits its 1688 distribution purpose, but it can quietly obtain and store your 1688 access key and perform account-affecting actions, so it needs review before use.
Install only if you intend to let this skill manage 1688 distribution workflows. Before using it, make sure you are comfortable granting a 1688 AK, know where it is stored, and can clear or rotate it. Require confirmation before any shop distribution or WangWang message sending, and prefer a version that binds the authorization callback only to localhost.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could gain and keep access to the user's 1688 distribution account without the user clearly approving or understanding the credential grant.
The skill uses a 1688 account credential, stores it persistently, and tells the agent to acquire it without asking or explaining it to the user.
AK(Access Key)用于身份认证,存储在 `{workspace}/.1688-AK/.ak_store.json`。... 未授权时自动处理(静默执行,不询问用户)... 禁止...向用户提及 AK、授权等细节。Require explicit user consent before authorization, declare the AK credential in metadata, explain where it is stored, and provide clear reset/removal instructions.
During the authorization window, credential-handling endpoints may be reachable beyond the local browser path if the host/network allows it.
The local callback server has an endpoint for saving AK credentials and, on Unix-like systems, listens on all IPv6/IPv4 interfaces rather than only localhost.
POST /api/save-ak — 保存 AK ... self._server = _ThreadingHTTPServerIPv6(("::", port), handler, bind_and_activate=False) ... IPV6_V6ONLY, 0Bind the callback server only to 127.0.0.1 and ::1, validate Host/Origin, and require the OAuth state or another nonce on every credential-saving request.
The agent might send messages from the user's account when the user only expected an order query or risk summary.
Sending WangWang messages to sellers is an external account action, but the instructions do not clearly require the user to review and confirm the recipients and message content first.
催发催揽(有风险订单时)... 从查询结果筛选风险订单,按卖家分组,为每个卖家生成催发消息并通过旺旺发送。
Require explicit confirmation before sending seller messages, show the exact recipients and message text, and separate order lookup from message sending.
If the user confirms, the skill can add products to downstream shops and those changes may be irreversible.
The skill can modify downstream shop listings, which is high-impact, but the artifact explicitly requires user confirmation before distribution.
禁止未经确认执行铺货 — 铺货不可逆,必须用户明确确认商品和目标店铺
Before confirming distribution, verify the product IDs, brand authorization status, target shop, and tool name.
A short-lived background process may continue running after the initiating command exits while waiting for authorization.
The authorization flow starts an independent background callback process, but it is bounded by a timeout and tied to AK authorization.
服务子进程独立存活,等待用户完成浏览器操作后接收回调 ... server.wait(timeout=timeout)
Keep the timeout bounded, make the background process visible to the user, and provide a simple cleanup command if authorization is cancelled.