Fruit Pi

Pass

Audited by ClawScan on May 14, 2026.

Overview

This skill appears to do what it says—track fruit prices—but it stores a local fruit list and makes web/API requests to collect and update prices.

This looks reasonable for a fruit price tracker. Before installing, know that it can create a local fruit-pool file, cache exchange rates, make web/API requests, and update saved source URLs/prices based on search results. Avoid adding untrusted source URLs if you do not want the agent to fetch them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When you ask for prices, the agent may make web requests and may update the fruit pool based on search results.

Why it was flagged

The skill will run collection logic and use web search/fetching when price data is missing or stale. This is expected for a fruit price tracker, but it means external content can influence collected prices and sources.

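Skill content

Price mode ... run the full collection flow: read pool → pull prices → fill gaps via search → display ... when the script returns `status: "no_price"` ... use web_search to search for prices manually.

Recommendation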

Use trusted price-source URLs where possible and treat automatically discovered prices as informational, especially before making purchasing or business decisions.

What this means

Your tracked fruit list and source choices can persist across sessions and influence future price answers.

Why it was flagged

The skill persistently stores tracked fruits, source URLs, last prices, and update metadata, and it may update that state from web search results. This is disclosed and aligned with the skill’s purpose.

Skill content

`workspace/memory/fruit-pool.json` - fruit pool (user area, not uploaded) ... success → update the fruit pool's last_price / sources

Recommendation

Review the fruit pool periodically and remove sources or fruits you no longer want the agent to use.

What this means

You have less external context for verifying who maintains the skill or where its code originated.

Why it was flagged

The registry does not provide a source repository or homepage for provenance review. No remote install script or suspicious dependency is shown, so this is a transparency note rather than a behavior concern.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the publisher or are comfortable relying on the included artifact review.