ClawHub

优惠券查询·场景快取

v1.0.5

优惠券查询与领取技能。覆盖外卖券、酒店券、打车券、咖啡券、电影票、超市券等多场景,输入需求自动匹配最优活动链接。触发词: 优惠券查询, 领取优惠券, 有什么优惠, 外卖券, 外卖红包, 酒店券, 打车券, 咖啡优惠, 电影优惠, 帮我找优惠, 哪里有折扣, 推荐优惠活动, 今天有什么券, 点外卖优惠, 订酒店便宜...

2· 305·3 current·4 all-time
by@ayue-oss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided assets: a search script (scripts/find.mjs) plus a bundled database (data/activities.json) that the skill queries and formats. The requested resources are minimal and appropriate for a coupon lookup feature.
Instruction Scope
SKILL.md instructs the agent to extract keywords and run the local Node script (or import its functions) and return the formatted text. The script only reads the included JSON database and does not access other files, environment variables, or external endpoints at runtime (it only emits links contained in the data).
Install Mechanism
There is no install spec (instruction-only), which is low risk. One mismatch: the skill uses a Node CLI (node find.mjs) but the manifest lists no required binaries. The agent environment must have Node.js available for the script to run; that dependency is implied but not declared.
Credentials
No environment variables, credentials, or config paths are requested. The skill operates on bundled data only, so no secret access is needed or requested.
Persistence & Privilege
always:false and no install-time persistence or modifications to other skills/settings. The skill does not request elevated or permanent privileges.
Assessment
This skill appears coherent and limited: it reads a local activities.json and returns matching coupon links. Before installing or using it, note: (1) it expects Node.js to be present even though the manifest didn't declare that—ensure your agent environment can run node scripts; (2) the bundled data contains many short URLs, deep links and third-party H5 links (some using http or redirects). Those links may carry tracking parameters or redirect to external sites—verify links before clicking and avoid submitting sensitive credentials to landing pages; (3) the share/submit form pointed to a Feishu URL will send user-submitted content to that external service if users follow it; consider whether you want submissions routed there. If you want stronger assurances, request provenance of the activities.json (who maintains it, update cadence) and ask the publisher to declare the Node runtime dependency.

Like a lobster shell, security has layers — review code before you run it.

latestvk9759h2dq4fxy5ybwdbhasqf5h82tcvd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎫 Clawdis

Comments