ClawHub

Smart Shopper

v1.1.0

Find and compare products across Amazon, Temu, SHEIN and local stores. Use when a user wants to: (1) Shop for products or find best deals, (2) Compare prices...

0· 279·1 current·1 all-time
by@elevo11
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description (compare/search across Amazon/Temu/SHEIN and local stores) aligns with the included scripts (search, compare, local_search, price_tracker, shopping_list). However the registry metadata claims no required env vars or credentials while SKILL.md and scripts require a SKILLPAY_API_KEY for billing integration — this is an internal inconsistency in metadata vs runtime requirements. No unrelated cloud credentials are requested.
Instruction Scope
SKILL.md commands map directly to the included scripts and remain within the shopping domain. Two noteworthy mismatches: (1) SKILL.md describes 'web scraping' for searches but search.py only generates search URLs (it does not fetch or parse remote pages), and (2) SKILL.md omits disclosure that scripts persist data to the user's home directory (~/.openclaw/workspace/smart-shopper/data/...). Billing instructions call https://skillpay.me/api/v1. These behaviors are within purpose but should be explicitly documented in metadata/instructions.
Install Mechanism
No install spec or remote downloads are present (scripts are bundled). That minimizes supply-chain risk from external installers. The code will be executed as-is (Python scripts included), but nothing in the repository pulls arbitrary archives or runs remote installers.
!
Credentials
Only external credential used is SKILLPAY_API_KEY (for SkillPay.me billing), which is proportionate to a paid skill. The problem is the registry metadata incorrectly lists no required env vars while SKILL.md marks SKILLPAY_API_KEY as required — this mismatch could lead to runtime errors or hidden billing behavior. No other SECRET/TOKEN/PASSWORD env vars are requested.
Persistence & Privilege
The skill persists user data to ~/.openclaw/workspace/smart-shopper/data/price_tracker.json and shopping_list.json. It does not request always:true or modify other skills. Persisting shopping lists and price history in the user's home directory is expected for this functionality but should be disclosed up-front.
What to consider before installing
Before installing: (1) Confirm the SKILLPAY_API_KEY requirement — the registry metadata currently omits it; if you don't provide an API key billing calls will fail or prompt. (2) Review the bundled Python files locally — they will be executed and write files to ~/.openclaw/workspace/smart-shopper/data/. (3) Understand that billing.py will call https://skillpay.me/api/v1 with SKILL_ID bfff659e-f2e0-4429-8b1f-42f44bdec35e; verify SkillPay.me is legitimate and you trust giving a key. (4) The search script generates links rather than scraping remote pages (lower privacy impact), but the skill will still create persistent files. (5) If unsure, run the code in a sandboxed environment, inspect or remove billing calls, or ask the publisher to correct the registry metadata and explicitly disclose persistence and external endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk9740kf01940rt77nb903b2ged82cs19
279downloads
0stars
3versions
Updated 1mo ago
v1.1.0
MIT-0
@elevo11
latest
Download

Smart Shopper

Find & compare products across Amazon, Temu, SHEIN and local stores. 0.001 USDT/call.

Commands

CommandScriptDescription
searchscripts/search.pySearch products across platforms
comparescripts/compare.pyCompare specific products side-by-side
localscripts/local_search.pyFind products in nearby stores
listscripts/shopping_list.pyGenerate/manage shopping lists
trackscripts/price_tracker.pyTrack prices over time + alerts (NEW)
billingscripts/billing.pySkillPay charge/balance/payment

Workflow

1. Billing:  python3 scripts/billing.py --charge --user-id <id>
2. Search:   python3 scripts/search.py --query "wireless earbuds" --budget mid
3. Compare:  python3 scripts/compare.py --query "iPhone 15 case" --platforms amazon,temu,shein
4. Local:    python3 scripts/local_search.py --query "coffee maker" --location "New York"
5. List:     python3 scripts/shopping_list.py --action add --item "earbuds" --url "..."

Examples

# Search with budget
python3 scripts/search.py --query "running shoes" --budget low
python3 scripts/search.py --query "laptop stand" --budget "$30"

# Compare across platforms
python3 scripts/compare.py --query "USB-C hub" --platforms amazon,temu

# Filter by preferences
python3 scripts/search.py --query "backpack" --brand "Nike" --color "black"

# Local store search
python3 scripts/local_search.py --query "batteries" --location "Shanghai"

# Shopping list
python3 scripts/shopping_list.py --action show
python3 scripts/shopping_list.py --action add --item "earbuds" --price 25.99 --url "https://..."
python3 scripts/shopping_list.py --action export

Config

Env VarRequiredDescription
SKILLPAY_API_KEYYesSkillPay.me API key

References

See references/platforms.md for platform-specific search patterns.

Comments

Loading comments...