Filtalgo Shopping

Warn: audited by ClawScan on May 13, 2026.

Overview

This shopping skill is mostly purpose-aligned, but it handles OAuth/payment/order authority and includes an overbroad raw API call path plus evidence of disabled TLS verification.

Only install this if you trust the publisher and are comfortable granting Filtalgo account access. Do not use it for real payments, addresses, refunds, or order changes until the TLS issue is fixed; require explicit confirmation for purchases/refunds/address changes, and avoid the raw `call` command.

Publisher note

Fixed a bug where some products could not be found by search; fixed a bug where adding to the cart failed; full after-sales support.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used incorrectly or autonomously, the agent could make unsupported account or commerce API calls beyond the documented shopping flow.

Why it was flagged

The CLI exposes a generic authenticated call command accepting arbitrary method, path, and body, which can bypass the safer scoped shopping/order/address/checkout commands.

Skill content

UTILITY
  call <method> <path> [--body <json>]

Recommendation

Avoid using the raw `call` command unless you fully understand the target API; the publisher should remove it, restrict it to an allowlist, or require explicit user confirmation and clear audit output.

What this means

OAuth tokens, account data, addresses, order details, or payment-related responses could be exposed to network interception if this code path is used.

Why it was flagged

The static scan found HTTPS certificate verification disabled in the bundled CLI, which is especially risky because the skill performs OAuth-authenticated shopping, address, order, refund, and payment-link operations.

Skill content

rejectUnauthorized: false,

Recommendation

Do not use this skill for real purchases or sensitive account activity until the publisher removes disabled TLS verification and documents secure transport behavior.

What this means

Anyone with access to the local credential store may be able to act as the logged-in Filtalgo user until logout or token expiry.

Why it was flagged

The CLI stores OAuth credentials after login. This is expected for an authenticated shopping integration, but it grants ongoing account access from the local environment.

Skill content

const credentials = await auth.login(cfg);
      store.save(credentials);

Recommendation

Use `logout` when finished, avoid shared machines, and ensure the stored credentials are protected with appropriate file permissions.

What this means

This may weaken the service-side trust model for the OAuth client, even if it is not the user's personal password or token.

Why it was flagged

The bundled CLI appears to include a hardcoded OAuth client secret. The skill discloses a built-in OAuth client, but a client secret shipped to users should not be treated as confidential.

Skill content

if ([REDACTED]) out.client_secret = [REDACTED];

Recommendation

The publisher should use a public-client PKCE OAuth flow without embedded secrets, or clearly document why this secret is non-sensitive.