返利全能助手
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This no-code cashback shopping guide is coherent and purpose-aligned, but users should treat shopping history, order tracking, and cashback balance details as private information.
This skill appears safe as an instruction-only cashback guide. Before using it, remember that shopping history, order numbers, cashback balances, and withdrawal details can be sensitive; provide only what is necessary and do not share passwords, payment credentials, or full account access.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less external context for who maintains the skill or where updates originate.
The skill has limited provenance information, although it is instruction-only and includes no install script or executable files.
Source: unknown Homepage: none
Prefer installing from trusted registry entries and re-check future versions if code, dependencies, or install steps are added.
Private shopping history, order details, or cashback balances could be exposed in the conversation if the user provides them.
The skill may use user preferences and shopping history as context for recommendations, which can include private purchase behavior.
基于用户偏好和购物历史,筛选高返利商品并推荐
Share only the minimum purchase or order details needed, avoid unnecessary account identifiers, and do not paste sensitive financial credentials.
If used for tracking, the assistant may need continuing access to order or cashback status information supplied by the user.
The skill describes automatic rebate tracking and reminders. This is disclosed and aligned with cashback management, but it implies ongoing order-status awareness.
订单提交后自动追踪返利状态,异常时及时提醒
Keep tracking user-initiated, confirm what order information is being retained or reused, and avoid granting account access unless a future version clearly explains the scope.