Profit Optimization Engine (利润优化引擎)
Pass
Audited by ClawScan on May 2, 2026.
Overview
This skill is a small local order and profit calculator with no evidence of network, credential, or hidden behavior, but it does persist order data and can mark local orders as paid.
This appears safe for local order/profit simulation. Before using it for real business records, understand that it saves order details locally and that its paid/unpaid status is only a local bookkeeping flag, not proof of payment.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with real orders, an agent or user could mark an order as paid in the local records even if the payment was not actually verified.
The script can mutate saved local order state by marking an order as paid. This is aligned with order management, but it affects local business records.
elif "--confirm" in args: ... found['status'] = 'paid' ... mgr._save(found)
Use --confirm only after independently verifying the order ID and payment status; treat the records as local bookkeeping unless connected to a real payment workflow.
Order and financial details entered into the tool can remain on disk and influence future reports.
The skill stores order names, prices, costs, status, and timestamps as persistent local JSON files and later reloads them for reports.
DATA_DIR = os.path.expanduser("~/.openclaw/workspace/state/orders") ... json.dump(order, f, indent=2)
Avoid entering sensitive real customer data unless local storage is acceptable, and delete or protect the state directory when records are no longer needed.
