沙特 Noon 选品工具
v1.0.0沙特 Noon 电商选品工具。分析指定市场的竞争情况,识别蓝海产品。触发条件:用户要求选品、分析市场、查找蓝海产品。完整流程:市场翻译 → Noon 商品搜索 → 语义分析卖点 → 供给量搜索 → 蓝海识别 → 定价建议。
⭐ 0· 76·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Noon product selection for Saudi market) matches the actions described: translate query, search Noon, analyze titles, count supply, identify opportunities and recommend pricing. Declared dependencies (zh-to-ar-translator, noon-product-search, noon-product-count) are coherent with the stated workflow.
Instruction Scope
SKILL.md instructs the agent to run local Node scripts under ~/.openclaw/workspace/skills/* to perform translation/search/count and to use web_search as a fallback. That scope is reasonable for an orchestrator skill, but it implicitly trusts the referenced local skills and a web_search tool (not declared) to only perform expected actions. There are no instructions to read unrelated files, environment variables, or to exfiltrate data.
Install Mechanism
No install spec or code files are included; this is instruction-only, so nothing is downloaded or written to disk by the skill itself. Low install risk.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The workflow does not require secrets as written. Note: any referenced underlying skills (e.g., noon-product-search) could themselves require credentials; those would need separate review.
Persistence & Privilege
The skill does not request always: true and makes no changes to other skills or global config. It will be user-invocable and can be invoked autonomously per platform defaults, which is expected for a utility skill.
Assessment
This skill is an instruction-only orchestrator and appears coherent with its purpose. Before installing or using it: 1) verify the referenced local skills (zh-to-ar-translator, noon-product-search, noon-product-count) exist and inspect their code/permissions — they run arbitrary Node code and could require credentials; 2) confirm what 'web_search' refers to and whether it sends queries externally; 3) if you care about data leakage, run the skill in a sandbox or with restricted network access until you audit the dependent skills; 4) be cautious if any dependent skill later requests API keys or environment secrets — those should match the service being integrated (Noon API or translator) and be minimized. Overall the orchestration here is reasonable, but the security posture depends on the safety of the referenced skills and any external web_search implementation.Like a lobster shell, security has layers — review code before you run it.
latestvk976b8h5t1txxxgcgz1qjxqcbd83why4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.