E-commerce Price Comparison

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: ecommerce-price-comparison
Version: 1.0.0

The skill bundle provides a legitimate e-commerce price comparison tool. The `jd_scraper.py` script uses standard Python libraries (`requests`, `BeautifulSoup`, `re`) for web scraping from JD.com, making network calls only to JD's domains. There is no evidence of data exfiltration to unauthorized endpoints, malicious code execution, persistence mechanisms, or obfuscation. The `SKILL.md` and other documentation files are free from prompt injection attempts, containing only descriptive and instructional content aligned with the skill's stated purpose. All observed behaviors are consistent with a benign web scraping and data comparison application.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Automated scraping could lead to rate limits, blocked IPs, or account challenges if used without care.

Why it was flagged

The documentation explicitly describes scraping automation and anti-bot workarounds. This is related to the scraper purpose, but it can affect accounts, IP reputation, or platform terms if used aggressively.

Skill content
Anti-scraping countermeasures: random delays; rotating proxies; changing the UA; CAPTCHA handling
Recommendation

Use only user-approved queries, keep request rates low, and avoid proxy or CAPTCHA-bypass workflows unless the user is authorized to do so.

What this means

Installing unpinned dependencies may expose the user to unexpected package changes or compromised dependency versions.

Why it was flagged

The setup instructions install unpinned third-party packages and a browser runtime outside a formal install spec. This is common for scraping tools, but it leaves package versions and provenance to the user.

Skill content
pip install playwright beautifulsoup4 requests pandas numpy
playwright install chromium
Recommendation

Install in a virtual environment, pin dependency versions, and use trusted package indexes before running the scripts.

What this means

Using logged-in e-commerce sessions could expose account-specific prices or trigger account security checks.

Why it was flagged

The docs mention handling logged-in state to obtain member prices. That is purpose-aligned for personalized pricing, but account/session use is sensitive and is not declared as a required credential.

Skill content
Login state needs to be handled to obtain member prices
Recommendation

Do not provide passwords, cookies, or browser sessions unless explicitly needed and approved; prefer anonymous price checks when possible.

What this means

Shopping interests or old price data may remain in local cache/history and could influence later recommendations.

Why it was flagged

The skill describes caching and also advertises price history tracking. This is aligned with price monitoring, but retained product queries and cached prices can persist or become stale if not managed.

Skill content
Data caching: reduce repeated requests and improve efficiency
Recommendation

Use clear cache locations, set retention limits, and refresh live prices before relying on purchase recommendations.