Logistics Watcher
Security checks across malware telemetry and agentic risk
Overview
No malicious behavior is evident; the skill mainly stores shipment tracking data locally and checks stored history for delivery anomalies.
This appears safe to install from the provided artifacts. Be aware that it keeps package tracking data locally, and verify whether automatic tracking or reminders actually work in your environment.
VirusTotal
62/62 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your package tracking numbers and logistics history may be retained locally for future checks.
The skill stores tracked package records persistently, including tracking numbers, status history, alerts, and alert rules. This is expected for logistics monitoring, but it means shipment identifiers and history may remain available across sessions.
this.store = new LocalStore('logistics-watcher');
this.STORAGE_KEY = 'tracked_packages'; ... this.store.set(this.STORAGE_KEY, items);Use it only for tracking numbers you are comfortable storing locally, and look for a way to remove old tracked packages if needed.
The skill may not actually perform automatic background shipment lookups unless another platform component supplies that behavior.
The documentation promises proactive alerts and scheduled automatic tracking, while the included source primarily stores records and generates reports from existing history; no scheduler or courier API retrieval is evident in the provided code.
- 🔔 主动预警:超时未更新、异常状态 - 🔄 自动追踪:定时检查状态
Treat automatic monitoring claims as something to verify during use, and do not rely on it as the only source for urgent delivery updates.