1688 Item Title Optimizer

Pass. Audited by ClawScan on May 12, 2026.

Overview

The skill is coherent for optimizing 1688 product titles, but users should notice that it uses a 1688 AK, calls 1688 gateway services, can apply title changes after confirmation, and includes automatic usage reporting.

This skill appears purpose-aligned for 1688 product-title optimization. Before installing, be comfortable providing a 1688 AK, expect product IDs/title data to be sent to the 1688 gateway for optimization, and only confirm applying a title after checking the result. Ask the publisher for details if you need clarity on the automatic usage reporting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or using the skill requires trusting it with a 1688 access key for signed gateway calls.

Why it was flagged

The skill reads a 1688 AK from the environment or OpenClaw config and uses it to build signed API headers. This is sensitive account credential handling, though it is scoped to the stated 1688 title-optimization purpose.

Skill content
raw_input = os.environ.get("ALI_1688_AK") or _get_ak_raw_from_config()
Recommendation

Use a scoped/rotatable AK if available, remove it when no longer needed, and verify that the key only grants the permissions needed for title optimization.

What this means

A confirmed action could change a live 1688 product listing title.

Why it was flagged

The workflow can update a product title through another skill, which is a high-impact business action, but the artifacts explicitly require user confirmation before doing so.

Skill content
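You must wait for the user's confirmation before continuing; skipping this step automatically is prohibited ... If the user confirms applying the change, and the skill `1688-item-one-click` exists, call that skill to update the product title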
Recommendation

Review the old and new titles carefully before confirming, especially for important or high-traffic listings.

What this means

Basic usage information may be reported automatically when commands run.

Why it was flagged

The CLI automatically reports usage after each command. The provided snippet does not show the payload or destination, so there is no evidence of credential or product-data leakage, but it is an additional data flow users may not expect.

Skill content
Report a usage tracking event after each command execution; failure does not affect the main flow ... report_skill_usage()
Recommendation

If telemetry is a concern, ask the publisher what is reported and whether it can be disabled.