Dealpilot
v0.1.0
Cross-Platform Shopping Decision Agent / 全网购物决策官. Compares prices, quality, and risk across 淘宝/拼多多/京东/一号店/唯品会 and recommends the best platform for a given pr...
by haidong@harrylabsj
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (cross-platform shopping decision engine) match the included code and docs: engine, platform adapter stubs, normalize/decide/analyze scripts, and test-stub. Nothing in the repo asks for unrelated cloud credentials or system access.
Instruction Scope
SKILL.md and RUNNING.md limit runtime actions to local scripts (normalize/decide/format) and describe future integration with other platform skills. Example paths reference a local development path but there are no instructions to read unrelated system files or exfiltrate data. Current adapters are stubs returning mock data.
Install Mechanism
No install spec provided and no downloads or extract steps. The package is a local JS/TS code bundle intended to run in the agent environment; this is low-risk for installation mechanism.
Credentials
The skill declares no required env vars, binaries, or config paths. That is proportionate for the current stubbed implementation. Note: real platform adapters (future work) may legitimately require platform API keys—those should be requested only when adapter code is added and justified.
Persistence & Privilege
Skill is user-invocable and not always-enabled; it does not request permanent presence or modify other skills. There is no evidence it attempts to change system-wide settings or persist credentials.
Assessment
This skill is a coherent MVP scaffold that currently returns mock results and does not request credentials. If you install it now, it should be low-risk, but watch for future updates: real platform adapters will likely require API keys or third‑party integrations (Taobao/PDD/JD), and those additions should be reviewed to ensure requested credentials and network endpoints match the platform being integrated. Also verify any runtime network calls and new install steps before granting secrets or broad permissions.
Like a lobster shell, security has layers — review code before you run it.
