ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Etsy Shop

v1.0.6

帮助用户搜索手工艺品、复古商品和定制礼品,浏览设计师店铺并查询价格和订单信息。

0· 86·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description promise: searching handcrafts, browsing shops, querying prices and orders. SKILL.md: only describes providing structured background/industry information about a brand (创立背景、产品范围、行业分析). There are no declared credentials, APIs, or instructions to perform searches or access orders, so the required capabilities do not match the stated purpose.
!
Instruction Scope
SKILL.md contains only high-level documentation guidance and 'data source' recommendations; it does not specify runtime actions (no API endpoints, no commands, no data collection/transmission). This means the skill cannot, as-written, perform the interactive search/order queries the description advertises. The instructions do not ask for or access unrelated files or secrets — but they also do not provide any usable runtime behavior.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an installation perspective because nothing is downloaded or written to disk.
Credentials
No environment variables, credentials, or config paths are requested. That is proportionate to the SKILL.md content (which only documents brand information) but inconsistent with the metadata that would normally require API keys for interactive Etsy access.
Persistence & Privilege
always is false and there are no special privileges or config changes requested. The skill does not request persistent system presence or modify other skills/config.
What to consider before installing
The skill's metadata says it can search Etsy and query orders, but the provided SKILL.md only describes producing brand/industry background and gives no runtime steps, APIs, or credentials. That mismatch suggests the package is incomplete or mislabeled. Before installing or relying on it: 1) ask the publisher for clarification or an updated SKILL.md that shows how searches/orders are performed (API endpoints, required keys); 2) prefer skills that declare needed credentials and a reputable source/homepage; 3) do not provide any real Etsy credentials until you confirm concrete, proportionate requirements and a trusted publisher; and 4) if you need actual Etsy integration, look for a skill that explicitly documents use of Etsy's API and required environment variables.

Like a lobster shell, security has layers — review code before you run it.

latestvk9705p43ncyc307erqe4jvex6984wqrq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments