1688 Shop Operate
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill appears aimed at legitimate 1688 shop diagnostics, but it asks for sensitive 1688 credentials and includes broader OAuth/token handling and a network callback server that are not tightly bounded to read-only diagnosis.
Use this skill only if you trust the publisher and the 1688 gateway integration. Prefer the browser-based AK flow or a secret manager rather than pasting AKs into chat, review any OAuth scopes carefully, avoid granting write scopes for diagnostics, and clear stored credentials after use if you no longer need the skill.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent invoking the broader commands could grant or expose 1688 account access beyond the metrics needed for a shop diagnosis.
The CLI can request user-supplied OAuth scopes, gives an example including a write scope, and can print a raw access token. That authority is broader than the advertised read-only shop health diagnostics.
`authorize --scope "read:order write:order"`; `"access_token": token_check["access_token"]`; `查询和管理您的 1688 订单` (scope description: "query and manage your 1688 orders")
Restrict the skill to the minimum read-only scopes needed for the four diagnostic APIs, remove or hide raw token output, and declare the exact credential and scope requirements in metadata.
A user may paste their 1688 AK into chat or command arguments, increasing the chance it is retained in transcripts, logs, or process history.
The setup flow instructs the agent to collect the AK from the user's chat message, while SKILL.md also warns users not to paste AKs into chat records. This conflicting guidance can lead users to disclose a sensitive credential unsafely.
After the user provides the AK, the Agent performs the following steps: `1. Extract the AK string from the user's message` ... `2. Run cli.py configure <AK>`
Use a secret-entry mechanism or browser-based flow that avoids chat disclosure, and make the credential handling guidance consistent.
During authorization, the callback listener may be reachable beyond the local machine if the environment allows it, increasing credential-flow exposure.
The OAuth/AK callback server is intended to handle authorization data. On non-Windows systems this constant indicates binding to all network interfaces instead of localhost, broadening the callback exposure.
CALLBACK_BIND_ADDRESS = "127.0.0.1" if _sys.platform == "win32" else "0.0.0.0"
Bind callback servers to 127.0.0.1/localhost on all platforms, strictly validate state, and clearly show users how to stop the listener.
A short-lived background process may remain active while waiting for the OAuth/AK callback.
The authorization flow deliberately spawns a background callback server. It is bounded by a timeout and appears purpose-aligned, but users should know it continues running after the initial command returns.
回调服务器已在后台独立运行(最长等待 {timeout} 秒) (CLI message: "the callback server is now running independently in the background, waiting at most {timeout} seconds")
Keep the timeout short, expose a clear stop/cleanup command, and avoid starting the server unless the user is actively authorizing.
Each successful command flow may also send a usage event to the 1688 skill gateway.
The skill automatically reports usage after recognized CLI commands. The documentation says it sends basic skill metadata and ignores failures, so this is disclosed, but it is still an additional network side effect.
Recognized subcommand ... completed normally ... each is reported once after the subcommand returns ... full URL ... `https://skills-gateway.1688.com`
Ensure users are informed about telemetry, keep reported fields minimal, and provide an opt-out if possible.
