Skillv1.0.8

ClawScan security

Taobao Merchant Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 3:23 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package matches its stated Taobao automation purpose, but it performs remote license activation to a hard-coded IP address and persists browser login state (cookies) locally — both are sensitive actions you should review before installing or running.
Guidance: This skill is largely coherent with its stated purpose, but it has some sensitive behaviors you should consider before installing: 1) License activation: the program POSTs your card key and a machine fingerprint to a remote license server. The default server is a raw IP (http://120.27.202.105:8000). If you don't trust that endpoint, do not enter card keys or use the tool until you verify the server's identity. You can override the server via TMO_LICENSE_SERVER, but only if you know a safe endpoint. 2) Browser login state: the RPA reuses and writes a storage_state file that contains authentication cookies—treat that file as highly sensitive (it can grant account access). 3) Bundled get-pip.py: the repo includes a huge pip bootstrap blob; while likely legitimate, bundling increases audit surface—inspect it if provenance matters. Recommended precautions: run the tool in an isolated VM or disposable container; review license_gate.py and confirm the activation endpoint before entering secrets; avoid reusing production account logins (use a test account) or delete saved storage state after use; inspect network activity (e.g., via a firewall) during first runs; contact the seller/source for a verifiable homepage or signed releases before trusting real credentials. If you want, I can point out the exact lines that perform remote activation, where files are written, and what data is sent.

Review Dimensions

Purpose & Capability: noteName/description (Taobao merchant ops) align with the included files: Playwright-based RPA, Excel parsing, install script and a license gate. The code implements the claimed features (capture/inspection/parse). Nothing in the codebase appears obviously unrelated to merchant automation.
Instruction Scope: noteSKILL.md tells users to run the provided install.py and run_taobao_merchant_ops.py with a card-key. The runtime instructions do not overreach (they instruct installation and running). However, the runtime code (license_gate) performs network calls for activation/check and the RPA saves browser storage (login state) and diagnostics — these behaviors are not emphasized in the user-facing SKILL.md and are sensitive.
Install Mechanism: noteThere is no registry install spec (instruction-only), which lowers remote-install risk. The package includes an embedded get-pip.py (a large bundled pip bootstrap blob). Bundling get-pip.py is unusual but can be legitimate; it increases repository size and should be inspected if you care about provenance.
Credentials: concernThe code transmits a machine fingerprint and user-provided card key to a remote license server. The default LICENSE_SERVER_URL is an IP (http://120.27.202.105:8000), not a well-known domain; activation and subsequent license checks use HTTP POSTs. The skill will also write saved browser login/state files (yingdao_storage_state.json) and diagnostics that include python_executable and platform info. These are reasonable for a paid RPA tool but are sensitive and not declared explicitly in requires.env; consider that card keys and login cookies are sent or stored.
Persistence & Privilege: notealways is false and the skill does not request elevated platform privileges. It persists its own files: license/license.json, yingdao_storage_state.json (browser login state), downloads, run_logs and diagnostics under the project. Persisting login cookies and license files is normal for this app but raises privacy concerns if you run it with real credentials.