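Loss Items Query (Repurchase Items)
v1.0.0 Query the list of items awaiting repurchase / items awaiting purchase / asset-loss items / item restocking, with support for paging, status, sorting and other parameters. Calls your business HTTPS API directly.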
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name and description call for access to a loss-items API, and the skill indeed requires only a single LOSS_API_TOKEN and runs a script that queries a loss-items HTTPS endpoint. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md strictly instructs extracting paging/status/sort parameters from the user, running the local query_loss_items.py with those args, and summarizing the returned JSON. The script reads only LOSS_API_TOKEN and calls the declared API URL; it does not access other files, config paths, or external endpoints beyond the business API.
Install Mechanism
This is instruction-only (no installer). It requires python3 (declared) and runs a Python script that imports 'requests' but the skill does not declare how to ensure the requests package is available. This is an operational gap (will fail if requests is missing) but not a security red flag. No downloads or arbitrary install URLs are used.
Credentials
Only LOSS_API_TOKEN is required and is used to authenticate the single API call — this is proportionate. Consider that the token grants access to the target business API; ensure the token's scope is limited and not a high-privilege or cross-service credential.
Persistence & Privilege
Skill is not always-enabled and does not request persistent or system-wide privileges. It does not modify other skills or system configs.
Assessment
This skill appears to do what it says: run a local Python script that calls your loss-items HTTPS API using LOSS_API_TOKEN. Before installing, verify: (1) the API host (https://pre-detailailifeast.alibaba-inc.com/...) is the intended business endpoint and not an unexpected external service; (2) the LOSS_API_TOKEN you supply has limited scope and is not reused for unrelated services; (3) your environment has the Python 'requests' package available or you provide it; (4) you are comfortable that responses printed by the script may be summarized and returned by the agent. If any of these are unclear, ask the skill author for confirmation or a signed, documented API endpoint and token-scope description.
Like a lobster shell, security has layers — review code before you run it.
latest vk975rpqp5pdtntecbtqggfph3n83901b
Runtime requirements
Bins: python3
Env: LOSS_API_TOKEN
Primary env: LOSS_API_TOKEN
