Zto
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly local and privacy-disclosed, but its tracking code appears to make up shipment events rather than fetching real ZTO data.
Use this skill for general ZTO guidance and estimates, but do not rely on its tracking output as real unless it explicitly confirms a live ZTO lookup. Be aware it may store local shipment and address data, and use its privacy controls to review, export, or clear that data.
VirusTotal
No VirusTotal findings
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may make delivery or shipping decisions based on fabricated tracking information.
The tracking function explicitly builds a simulated result with specific shipment events and locations. Because the skill is described as supporting shipment tracking, users could mistake mock data for real ZTO tracking status unless the agent clearly discloses it.
# Simulated query result
result = TrackingResult(... description="快件已到达【北京顺义集散中心】" ... sender="上海市", receiver="北京市")
Only present these tracking results as mock/demo data unless a live ZTO data source is actually connected and confirmed.
Tracking numbers and address-related records may remain on the local machine until cleared.
The skill discloses local persistence of shipment history, subscriptions, and possible address records. This is purpose-aligned, but users should understand that local personal logistics data may be retained.
`~/.openclaw/data/zto/zto.db`
- stores query history
- stores shipment-subscription records
- may store saved address records
Use the documented privacy clear/export/info commands when needed, and avoid saving address records on shared machines.
If the runtime is installed later, dependency versions may vary depending on the package index and install time.
The runtime uses third-party Python dependencies with lower-bound version ranges rather than pinned versions. No automatic install script is shown, so this is a supply-chain hygiene note rather than a direct unsafe behavior.
aiohttp>=3.9.0
aiofiles>=23.2.0
cryptography>=42.0.0
qrcode>=7.4.0
pillow>=10.2.0
Install in a virtual environment and consider pinning or reviewing dependency versions before use.
