v1.0.1

1688 Price Monitor

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:13 AM.

Analysis

This skill appears to perform the advertised 1688 price, search, and profit lookups, with expected outbound 1688 requests and a standard Python dependency to notice.

Guidance

This appears safe to install for ordinary 1688 lookup use. Be aware that searches and product lookups contact 1688, and verify supplier or pricing information independently before relying on it for purchases or resale decisions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
tools/query_price.py
mobile_url = f"https://m.1688.com/offer/{item_id}.html" ... search_url = f"https://s.1688.com/selloffer/offer_search.htm?keywords={keyword}&beginPage={page}"

The tool makes outbound requests to fixed 1688 domains using user-supplied product IDs or search keywords. This is expected for price lookup and sourcing, but it is still an external data flow.

User impact: Your product URLs, item IDs, and search terms may be sent to 1688 when the skill is used.
Recommendation: Use it only for queries you are comfortable sending to 1688, and verify prices or supplier details before making business decisions.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
"install": [ { "id": "requests", "kind": "pip", "package": "requests", "label": "安装依赖:pip3 install requests" } ]

The skill asks for an unpinned PyPI dependency. The dependency is expected for HTTP requests, but unpinned packages are a supply-chain detail users should notice.

User impact: Installing without a pinned version can produce different dependency versions over time.
Recommendation: Install dependencies from a trusted Python environment and consider pinning or reviewing the requests package version if reproducibility matters.