Property Advisor
ReviewAudited by ClawScan on May 12, 2026.
Overview
This property-search and publishing skill is coherent, but needs review because it can run unpinned local OK/Gumtree skills and use existing account sessions to publish listings.
Install only if you trust the local ok-core-skill and gt-core-skill copies it will discover. Keep publishing in dry-run until you verify the selected account/session, generated listing copy, price, address, images, and contact details, then confirm submission only when you are ready for a public listing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you confirm a real submission, the agent may publish using whichever logged-in Gumtree or upstream account session the external skill finds.
This shows real publishing may rely on an existing Gumtree session or publish endpoint. The registry metadata declares no primary credential or config path, so the account/session scope is not clearly bounded.
GT 真实发布必须用户明确确认,并依赖 Gumtree session 中的 `publish_endpoint` 或显式 `--publish-endpoint`
Use a dedicated account/session, verify which upstream skill and profile are being used, run dry-runs first, and do not confirm submission until all listing fields are reviewed.
A different or modified local gt-core-skill/ok-core-skill could be executed with the authority to search, fill forms, or publish listings.
The code searches multiple mutable local directories for gt-core-skill and then probes/runs its CLI. Those external skills are not pinned or included in the reviewed package.
cwd / ".agents" / "skills" / "gt-core-skill", ... codex_home / "skills" / "gt-core-skill", ... Path.home() / ".codex" / "skills" / "gt-core-skill", ... "/Users/a58/Desktop/gt-core-skill"
Pin and declare trusted upstream skill versions, prefer an explicit user-configured root, and review the external ok-core-skill/gt-core-skill code before enabling real publishing.
The tool can affect public property listings, but the documented path is designed to avoid real posting unless you clearly confirm it.
The skill can drive publishing commands, but the documented workflow requires dry-run/form-fill by default and explicit user confirmation for real submission.
不带 `--submit`/`--confirm-submit` 时只填写表单或 dry-run;只有用户明确确认后才允许真实提交
Use dry-run first and inspect generated titles, descriptions, images, contact details, price, and location before confirming any real submission.
Addresses, listing locations, and commute destinations may be processed by the map enrichment component.
Listing data plus city and optional destination are passed to the bundled map-context skill for analysis, which is purpose-aligned but may include sensitive location or commute information.
json.dump({"listings": listings}, handle, ensure_ascii=False, indent=2) ... args = ["analyze-batch", "--input", str(input_path), "--city", city] ... args.extend(["--destination", destination])Avoid providing exact private addresses or commute destinations unless needed; use area-level locations when possible.