ClawHub

jdl-express

Use JD Logistics (京东快递) for shipment tracking, shipping guidance, service-type comparison, outlet lookup, and delivery-time or fee estimation. Use when the u...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 9 · 0 current installs · 0 all-time installs
byhaidong@harrylabsj
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (JD Logistics tracking/estimates/outlets) match the code: tracking, time/price estimates, history, subscriptions, and address storage are implemented. Required deps in requirements.txt (cryptography, aiohttp, qrcode, pillow) are plausible for local features.
Instruction Scope
SKILL.md explicitly documents local persistence paths and privacy commands. The runtime code only reads/writes files under ~/.openclaw/data/jdl-express/ and uses a local SQLite DB. There are no instructions or code that read unrelated system files, request unrelated env vars, or send data to external endpoints.
Install Mechanism
Instruction-only install (no remote download/install script). Code files exist in the bundle and requirements.txt lists standard PyPI packages. No suspicious remote URLs or archive extraction are used.
Credentials
The skill requests no environment variables or external credentials. The only persistent sensitive artifact is local address/history data which the skill stores (optionally encrypted). This is proportionate to the stated purpose.
Persistence & Privilege
The skill persists data under ~/.openclaw/data/jdl-express/ (SQLite DB and an encrypted 'secure' directory with a .key file). It does not request elevated privileges or set always:true. Persisting user addresses/subscriptions/history is expected behavior but should be noted by the user.
Assessment
This skill is coherent but stores local data. Before installing or running: (1) Be aware it will create ~/.openclaw/data/jdl-express/jdlexpress.db and ~/.openclaw/data/jdl-express/secure/. A Fernet key (.key) is stored under the secure folder (file mode 600) — encryption protects against casual viewing but the key is on the same machine, so a compromised host can still expose data. (2) Avoid saving highly sensitive information (e.g., government IDs, full payment details) into the skill's address/history features unless you control the machine. (3) The code simulates tracking results and does not contact JD APIs in its current form; if you expect live queries, verify network behavior before trusting results. (4) If you install dependencies, use trusted PyPI sources and review updates. (5) If you need higher assurance, inspect or run the code in a sandbox, and confirm the skill will not be modified to call remote endpoints or exfiltrate the local secure directory.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97a33sqd88e1wh5kmsr6a31q983bpx6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

JD Logistics (京东快递)

Overview

Use this skill to help users with common JD Logistics tasks such as tracking shipments, understanding service levels, estimating timing or fees, and preparing to send a parcel.

Local Persistence

When the local CLI/runtime code is used, this skill may create and persist local data under:

  • ~/.openclaw/data/jdl-express/jdlexpress.db
    • stores query history
    • stores shipment-subscription records
    • may store saved address records if those commands are implemented/used
  • ~/.openclaw/data/jdl-express/secure/
    • stores encrypted local files used by the privacy/storage helper
  • ~/.openclaw/data/jdl-express/secure/.key
    • stores a local encryption key file with mode 600
  • ~/.openclaw/data/jdl-express/privacy_export.json
    • may be created when the user runs privacy export

Only use persistence when it is necessary for the user's requested workflow. If the user asks about privacy, disclose these paths clearly.

Privacy Controls

The local CLI supports privacy operations:

  • privacy info — show local storage paths and stored-file info
  • privacy clear — clear local SQLite history/subscription data and encrypted local files
  • privacy export — export local storage metadata to privacy_export.json

Workflow

  1. Determine the user's goal:
    • track an existing shipment
    • estimate fee or delivery time
    • compare service types
    • find a nearby outlet or pickup point
    • prepare shipment details
    • review or clear local history/subscriptions/privacy data
  2. Ask for only the missing essentials, such as tracking number, route, package size, or urgency.
  3. Give the most practical answer first.
  4. If exact fee or timing cannot be confirmed, provide a cautious estimate and state assumptions.
  5. If the task uses local runtime features that persist data, mention that local history/subscription/privacy files may be created under ~/.openclaw/data/jdl-express/.
  6. Do not claim to complete real shipping actions unless live tools are available and confirmed.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…