Rakuten返利助手
v0.1.0Rakuten(原Ebates)美国最大购物返利平台工具,覆盖3500+海外商家,提供购物现金返利和优惠券查找。
⭐ 0· 54·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match a cashback/discount lookup tool and the skill declares no binaries, credentials, or installs — this is proportionate. Note: the SKILL.md mentions features like a browser plugin and automatic site detection, but the skill package contains no code or install to implement those features (it's purely instructional/spec). That mismatch is a functionality gap, not a security inconsistency.
Instruction Scope
The SKILL.md only provides a high-level feature list and an output format; it does not instruct the agent to read local files, access credentials, or call specific external endpoints. However it is vague about data sources and runtime behavior (e.g., how to obtain current cashback rates), which could lead an agent to perform web browsing or web scraping if implemented — the instructions give broad discretion but do not request unrelated system access.
Install Mechanism
No install spec and no code files are present, so nothing is written to disk or fetched during install. This is low-risk from an installation perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its mention of PayPal/payouts is informational only and not accompanied by requests for payout credentials — this is proportionate.
Persistence & Privilege
always is false and defaults apply. The skill can be invoked by the agent normally; there are no elevated persistence or cross-skill configuration changes requested.
Assessment
This skill is essentially a descriptive, instruction-only helper with no code, installs, or credential requests — that makes it low-risk but also means it currently has no concrete implementation. Before installing/use: (1) be aware the SKILL.md is vague about data sources; an agent using it may attempt web searches or scraping to find cashback rates, which is normal but could access external sites. (2) Because the publisher and homepage are unknown, prefer enabling it only for explicit user-invoked sessions rather than broad autonomous access, and monitor any future updates that add installs or request PayPal/other credentials. (3) If you expect browser-plugin-style automatic detection, note that this package provides no extension or integration — such functionality would require additional code or a browser extension and should be treated separately.Like a lobster shell, security has layers — review code before you run it.
latestvk97atx0aek2q42qzs1kgeg18kx83q3ty
License
MIT-0
Free to use, modify, and redistribute. No attribution required.