Shopping Advisor
v1.0.0Shopping decision skill. Compares similar products, explains price gaps, judges whether something is worth buying, suggests better directions, flags common p...
⭐ 0· 80·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (shopping decision helper) match the included scripts and schema: normalize -> decide -> analyze. Required capabilities (none) are proportionate to its purpose. The repository contains local Python scripts to implement the stated functionality and no unrelated cloud or admin access is requested.
Instruction Scope
SKILL.md defines a bounded workflow (collect minimal info, normalize candidates, produce a decision report). The runtime scripts only read JSON from stdin, parse/normalize product info, compute comparisons, and write JSON/text to stdout. They do not read arbitrary system files, do not open network sockets, and do not instruct the agent to access secrets or external endpoints.
Install Mechanism
No install spec is present (instruction-only installation), which is the lowest-risk pattern. The repo does include runnable Python scripts, but they are executed locally and do not pull remote code or run installers. No downloads, package installs, or extraction from untrusted URLs are used.
Credentials
The skill requests no environment variables, no credentials, and no privileged config paths. All inputs come from structured user-provided JSON (titles, URLs, price hints). There are no secrets or broad environment accesses declared or used in the code.
Persistence & Privilege
The skill does not request always:true and does not modify system or other skill configs. It runs on-demand using stdin/stdout; autonomous model invocation is allowed by platform default but the skill itself does not create persistent background services or store credentials.
Assessment
This skill appears coherent and low-risk: it only processes user-provided product data locally and outputs recommendations. Before installing or running, consider: (1) run the included scripts on sample inputs in a sandbox to verify behavior, (2) avoid piping sensitive files into the scripts (they only expect JSON product data), and (3) re-review any future updates for network calls or newly required environment variables — those would be the main signals of increased risk.Like a lobster shell, security has layers — review code before you run it.
latestvk97fdkae4b385aw5gjd3tq2n0s840dbj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.