car-advisor
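v1.0.0 Real-time car Q&A and comparison analysis system. Trigger this Skill when the user asks any question related to buying a car, choosing a car, comparing car specifications, model reviews, or price analysis. Trigger scenarios (this Skill must be used whenever any of the following applies): - Model specification comparison: "Which is better, the Xiaomi SU7 or the Model 3", "Comparison of domestic cars and Tesla" - Configuration/price queries: "Does the refreshed Model Y have seat heating...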
by Rainman @deusyu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (real-time car Q&A and comparisons) match the SKILL.md: it describes intent parsing, web searches of official sites and auto portals, structured comparison output, and cites appropriate sources. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
Instructions require broad, parallel web_searches and scraping-like retrieval from many public automotive sites (official pages, dongchedi, autohome, media, forums). This is coherent for the purpose, but the policy to 'always trigger when a topic involves specific models' may cause frequent external queries (privacy/rate-limit considerations). The SKILL.md does not direct reading of local files or other unrelated system state.
Install Mechanism
No install specification or code files — instruction-only skill. This is the lowest-risk install model and consistent with the described behaviour.
Credentials
No environment variables or credentials are required. The references mention third-party paid APIs (wapi.cn, juhe.cn, dongchedi enterprise keys) that would require keys if used, but the skill does not demand those credentials in its manifest — provisioning them would be optional and should be done deliberately.
Persistence & Privilege
Skill is not always-included (always: false) and does not request to modify agent/system configs or persistent credentials. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations.
Assessment
This skill appears coherent and does what it says: perform real-time web searches and assemble car comparisons. Before installing, consider: (1) privacy — searches and user queries will go to whatever web_search provider the agent uses (they may be logged by that provider and by the target websites); (2) volume and rate limits — the skill advocates parallel searches and may perform many queries for multi-vehicle comparisons (this can hit rate limits or trigger blocking on some sites); (3) accuracy — the skill relies on scraped/third-party pages that can be out-of-date or inconsistent, so verify critical data (price, subscription requirements) against official brand pages; (4) optional paid APIs — if you later supply API keys for juhe/wapi/dongchedi, grant only the minimal permissions and store keys in secure env vars; (5) autonomous invocation — if you are concerned about automatic network activity, consider restricting autonomous execution or adding usage limits. Overall there are no obvious coherence or credential-exfiltration issues.
Like a lobster shell, security has layers — review code before you run it.
latest vk979p1gnk4877yjm9e2ctq68q982vzr9
