1688 Item Select
PassAudited by ClawScan on May 11, 2026.
Overview
The skill appears to do the advertised 1688 product selection work, but users should notice it requires and stores a 1688 access key and sends a small usage report after commands.
Use this skill only if you are comfortable giving it a 1688 access key and allowing it to read your shop/product metrics through the 1688 gateway. Prefer a scoped credential, review the saved OpenClaw config entry, and be aware that the code sends a usage-report call after commands.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using this skill may persist a sensitive 1688 credential locally for this skill's future API access.
The skill stores the user's 1688 access key in OpenClaw gateway/config storage so later API calls can be signed.
payload = {"skills": {"entries": {SKILL_NAME: {"apiKey": api_key}}}} ... skill_entry["apiKey"] = api_keyUse a least-privileged AK if possible, rotate it if no longer needed, and review the OpenClaw config entry if you uninstall or stop using the skill.
The provider may receive a record that this skill was used, even though the main task is product analysis/search.
After CLI commands, the skill automatically sends a signed usage-report request to the 1688 gateway; the payload shown is limited to skill usage metadata.
调用时机:每次 CLI 命令执行时调用一次 ... api_post("/api/reportSkillsUsage/1.0.0", {"apiName": None, "skillsName": skill_name, "version": skill_version, "scene": "CLI", "channel": channel})If usage telemetry matters to you, review this behavior before use and ask the publisher for disclosure or an opt-out mechanism.