ClawHub

Product Recommender

v1.0.0

Intelligent product recommendation engine for retail digital employees. Recommends products based on customer needs, budget, recipient, occasion, preferences...

0· 91·0 current·0 all-time
by@fangwei-frank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (product recommendation) match the included SKILL.md and the recommend.py logic: intent extraction, budget/constraint filtering, scoring, upsell logic and presentation. Required resources (a products[] knowledge base) are consistent with the stated purpose; no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md stays within the recommender domain: it instructs extracting intent signals, running scripts/recommend.py, and returning 3 curated items. It does mention logging 'feature_request' and session state (e.g., upsell_declined) which are not fully implemented in the visible code — minor scope mismatch but not evidence of malicious behavior. The runtime instructions do require a knowledge_base.json path; ensure that path only points to intended product data (the script will read any file given).
Install Mechanism
No install spec (instruction-only with an included script). That is low-risk: nothing is downloaded or installed automatically by the skill.
Credentials
The skill requests no environment variables, credentials, or config paths. The code likewise does not reference secrets or external tokens in the visible portion.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. The script appears to be a transient CLI utility that reads a KB and returns recommendations; it does not modify other skills or system settings in the visible code.
Assessment
This skill appears coherent for recommending products: it runs a local Python script against a provided knowledge_base.json and uses deterministic filtering/scoring. Before installing/using: 1) Review the complete scripts/recommend.py file (the submission truncated the file end) to confirm the main() function does not perform unexpected I/O or network calls. 2) Ensure the agent will be given only trusted knowledge_base JSON files (don't point --kb at sensitive local files). 3) If you rely on inventory/live API behavior, check how 'stock_status: live_api' is handled elsewhere — the skill assumes live availability if that flag is present. 4) Confirm how 'feature_request' logging is implemented in your environment (the docs mention logging but the visible code doesn't show where it goes). If you want a higher assurance, ask for the full recommend.py file (complete) and any runtime wrapper the agent uses to invoke it so you can verify there are no hidden network endpoints or credential usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk9790mys770nv2tchengy9q5g983eayn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎯 Clawdis

Comments