Search Listing Optimizer
v1.0.0Optimize ecommerce product listings for Amazon A9, Taobao/1688 search, JD search, TikTok Shop discovery, Xiaohongshu SEO, and Shopify storefront search using...
⭐ 0· 49·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (heuristic listing audits across marketplaces) match the code and SKILL.md: the implementation performs text-based heuristics and produces a markdown brief. No platform APIs, credentials, or unrelated system access are requested. Note: there is a minor mismatch in ATTRIBUTE_WEIGHT keys (they're lowercased) versus detected platform names (capitalized like 'Amazon'), which will cause many weight lookups to fall back to the 'general' values — a correctness bug, not a security issue.
Instruction Scope
SKILL.md limits the agent to using user-provided listing notes and states explicitly it does not access live analytics or seller portals. The included handler code only processes provided text, applies heuristics, and renders a markdown brief. I saw no instructions to read system files, environment secrets, or to send data to external endpoints in the provided code snippet.
Install Mechanism
No install spec is declared (instruction-only skill). The code files included are pure Python and do not invoke installers or pull remote archives; this is low risk from an install mechanism perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. The runtime instructions and the visible code do not access env vars or secrets. Required privileges appear proportionate to its stated purpose.
Persistence & Privilege
always:false and no code paths that persist data or modify agent/system config are present in the reviewed snippet. The skill can be invoked autonomously (platform default), but that is expected and not excessive here.
Assessment
This skill appears to do what it says: a heuristic, text-only audit that generates a markdown optimization brief and does not ask for credentials or install anything. Before installing or enabling it widely: 1) review the full handler.py (the provided snippet was truncated) to confirm there are no hidden network calls, file writes, or subprocess invocations; 2) run the included tests in a sandbox to verify behavior and to confirm the exported handle() function and output formatting; 3) be aware of a minor correctness issue (platform name vs. weight-key casing) that may make many attributes fall back to generic weights — this affects quality of advice but not security. If you plan to allow autonomous invocation, note that while this skill has no special privileges, any autonomous skill can act without a user prompt — enable it only if you trust its behavior and output.Like a lobster shell, security has layers — review code before you run it.
latestvk9720mq51ztj6g0hrmx096xxsh84ryjg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.