Logistics

What to consider before installing: - The skill will create a SQLite DB (~/.openclaw/data/logistics/logistics.db) and an encrypted storage area (~/.openclaw/data/logistics/secure) and will write a key file (.key) with 0600 perms. Expect persistent local data and encrypted blobs. If you don't want local persistence, don't install. - There is no install script; requirements.txt contains heavy native deps (cryptography, opencv, pyzbar). Make sure you trust the author and are prepared to install these packages (they may require system libraries). The absence of an explicit install step is an operational risk. - The secure storage code is intended to protect data but uses an odd key-derivation approach (PBKDF2 with random inputs) that looks buggy and may break or not yield a proper Fernet key. This appears to be sloppy/incorrect engineering rather than malicious, but it reduces confidence in the encryption correctness. - The current query() implementation returns simulated data and does not call external APIs, but the client contains an API_BASE and imports aiohttp — the code could be extended to make network calls (e.g., to kuaidi100) in future versions. If you need networked tracking, ask the author how API keys are handled and whether any outbound endpoints are contacted. - If you plan to install, review the code (especially secure storage and any networking) yourself or ask the author to explain: (1) why the KDF is used that way, (2) whether any external endpoints are contacted and how API keys are stored/used, and (3) provide an explicit install mechanism or containerized packaging to avoid surprise native installs. - If you are uncomfortable with local file writes or installing native libs, avoid installing this skill or run it in a restricted environment (container or VM).