ClawHub

Cross Border Logistics Optimizer

v1.0.0

Compare cross-border e-commerce shipping options, packaging tactics, customs-risk signals, and speed-versus-cost tradeoffs for sellers, operations teams, and...

0· 50·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md workflow, and the visible handler.py logic align: the skill produces heuristic route recommendations, packaging notes, and customs risk flags. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md confines the skill to offline heuristics and explicitly disclaims live carrier or customs API use. The visible handler.py implements text parsing and decision logic and does not reference system files, environment variables, or external endpoints in the inspected portion.
Install Mechanism
No install spec is provided (instruction-only plus local code files). No downloads, package installs, or external installers are present in the metadata.
Credentials
The skill declares no required environment variables, no credentials, and the visible code does not access os.environ or require secrets. This is proportional to its advisory purpose.
Persistence & Privilege
always is false and there are no indications the skill attempts to persist or modify other skills or system-wide agent settings. Autonomous invocation remains possible by platform default but is not combined with other high-risk properties here.
Assessment
The skill appears coherent and appropriately scoped for an advisory logistics tool: it uses heuristics, asks for no secrets, and the visible code parses input and builds a markdown brief. Before installing or enabling autonomous use, open and review the full handler.py (the provided listing was truncated near the end) to confirm there are no hidden network calls or file/credential access. Specifically search the file for network or exec calls (requests, urllib, socket, subprocess, os.environ, open, smtplib, paramiko), and run the included tests in a sandbox to verify behavior. If you plan to allow unattended/autonomous invocation, consider restricting that until you confirm the full source contains no telemetry or exfiltration code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cfnwvah4ew3szs571h27yks84st4g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments