Taobao Ecommerce System

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is not obviously malicious, but it advertises high-impact Taobao/1688 automation while its safeguards, credential requirements, and actual code behavior are inconsistent.

Do not connect real Taobao, 1688, advertising, order, or customer-service accounts until the publisher provides accurate capability documentation, declared credential scopes, and explicit confirmation controls. The current code appears mostly demonstrative, so verify any claimed business action manually.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user or agent may believe a real listing was safely published or protected by safeguards when the included code appears to be a simulation.

Why it was flagged

The script prints that a product was published, while SKILL.md claims the system does not automatically publish and only generates drafts. The reviewed source contains no Taobao API publishing call or confirmation flow, making the success message misleading.

Skill content
print("✅ 上架完成!商品已发布")
Recommendation

Treat the outputs as demo text unless real API integration, explicit confirmation steps, and accurate status messages are added and documented.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If connected to real accounts, the skill could place supplier orders, update order records, or message customers without a clearly enforced review step.

Why it was flagged

The default configuration enables automatic supplier order pushing, tracking-number filling, and customer replies. These are high-impact ecommerce account actions, but the artifacts do not clearly bound user approval, scope, or reversibility.

Skill content
  auto_push_1688: true
  auto_fill_tracking: true
...
customer_service:
  auto_reply: true
Recommendation

Require explicit per-action confirmation for order, listing, advertising, refund, and customer-message changes, and document exactly what will be modified.

ASI03: Identity and Privilege Abuse
Medium
What this means

Users may provide broad shop/API credentials without understanding what permissions the skill needs or what account actions it can take.

Why it was flagged

The registry declares no required credentials or environment variables, but the README expects API keys and Taobao API permissions. For ecommerce automation, those credentials could grant account-level authority, and the required scopes are not specified.

Skill content
- Check the API Key configuration in the `.env` file
- Check Taobao API permissions
Recommendation

Declare all required credentials and environment variables, list minimum API scopes, and separate read-only analysis permissions from mutation permissions.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users have less assurance that the reviewed package metadata matches the registry entry they are installing.

Why it was flagged

This internal metadata does not match the supplied registry owner/version information, which lists a different owner ID and version 1.0.0. This is a provenance and packaging consistency issue, not proof of malicious behavior.

Skill content
  "ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26",
  "version": "2.0.0"
Recommendation

Verify the publisher and ensure registry metadata, SKILL.md, and _meta.json agree before installing.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A later dependency update could change behavior or introduce vulnerabilities outside this skill's reviewed code.

Why it was flagged

The dependency versions are ranges rather than pinned exact versions. This is common for Python projects, but it means future installs may resolve to different package versions than the reviewed artifact.

Skill content
requests>=2.31.0
pandas>=2.0.0
openpyxl>=3.1.0
Pillow>=10.0.0
python-dotenv>=1.0.0
Recommendation

Prefer pinned dependencies or a lockfile for reproducible installs, especially before connecting business accounts.