Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Add to Cart from Bitable
v1.0.0 · Fetches product information (link, specification, quantity) from a Feishu Bitable table, then adds the items to a Tmall/Taobao shopping cart via browser automation. Trigger words: 加购物车 (add to cart), Bitable商品 (Bitable products), 批量加购 (batch add to cart), 采购表格 (purchasing spreadsheet).
⭐ 0 · 958 · 1 current · 1 all-time
by @lorpha
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence

Purpose & Capability
The name, description and SKILL.md match the code: both read records and drive a browser to add items to carts. However, the JS implementation uses a hardcoded sample records array rather than actually calling the Bitable API, while SKILL.md explicitly references a Bitable app_token and table_id (included inline as examples). The skill declares no required credentials even though Feishu access and a messaging integration are described.
Instruction Scope
Runtime instructions direct the agent to: call feishu_bitable_list_records, execute arbitrary evaluate() JavaScript inside merchant pages (DOM traversal and clicks), and send a Telegram message to a specific recipient id. Executing arbitrary JS in third-party pages is expected for browser automation, but the same capability can read page content (including logged-in account data) or interact with elements beyond the stated goal. SKILL.md also instructs sending notifications to a hardcoded external Telegram target (telegram:1642489086), which is an unexpected external endpoint and could leak data if that recipient is not the installer.
Install Mechanism
This is an instruction-only skill with a small included script; there is no install spec, no external downloads, and no package installs. Nothing is written to disk by an installer here — low install risk.
Credentials
The skill declares no required environment variables or credentials, yet SKILL.md references a Feishu app_token/table_id and uses a messaging tool that likely requires a Telegram bot token or a configured channel. The app_token/table_id in the doc appear to be example values (but are in plaintext), and the Telegram recipient is hardcoded; the skill should have explicitly declared which credentials it needs and why. The omission is a proportionality/information mismatch that hides where secrets must be supplied and where data will be sent.
Persistence & Privilege
The skill does not request always:true or any persistent system-wide privileges. It relies on the platform's browser and messaging tools and does not attempt to modify other skills or system configs.
What to consider before installing
Before installing:
1) Confirm how Feishu access will be provided. SKILL.md shows an app_token/table_id but the skill declares no required credentials; supplying credentials without understanding their scope risks exposing the whole Bitable, not just the product table.
2) Check the Telegram notification target (telegram:1642489086): who receives these reports? If you expect notifications to your own account, replace the hardcoded recipient and verify the messaging channel configuration.
3) Understand that the skill executes arbitrary JS in merchant pages (to find and click elements). While necessary for automation, it can read page content and interact with elements beyond "add to cart". Run it first in a dry-run or sandboxed browser profile, verify its behavior on non-production accounts, and make sure you are logged in to the correct shopping account.
4) Prefer that the skill explicitly declare its required env vars (Feishu app token, Telegram bot token) and avoid embedded example tokens in docs; ask the author for clarity or modify the code to prompt for credentials.
If you cannot verify the recipient(s) and credential handling, treat the skill as potentially leaking shopping data and proceed cautiously.
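The checks above can be run mechanically before installing any skill of this kind. The following is an added example, not code from the skill or from ClawHub: it audits a SKILL.md-style document for hardcoded messaging recipients, plaintext Feishu-style identifiers, runtime tools whose credentials are not declared, and arbitrary page-JS execution. The sample SKILL.md text, the declared-credentials list, the tool-to-credential mapping and the regexes are all assumptions constructed for this example, not the real skill's format.

```javascript
// Added example: pre-install audit of an OpenClaw-style SKILL.md.
// Everything below (file contents, field names, regexes, tool names) is
// constructed for illustration and is not taken from the real skill.

// Constructed sample resembling the findings in the scan report above.
const SAMPLE_SKILL_MD = `
# Add to Cart from Bitable
## Steps
1. Call feishu_bitable_list_records with app_token "bascnXXXXXXXXXXXXXXXXX" and table_id "tblXXXXXXXXXXXX".
2. For each record, open the product link and run evaluate() to click the add-to-cart button.
3. Send a summary with telegram_send to telegram:1642489086.
`;

// Credentials the skill declares; the real skill declares none.
const DECLARED_CREDENTIALS = [];

// Assumed mapping: which runtime tool implies which credential must be declared.
const TOOL_CREDENTIALS = {
  feishu_bitable_list_records: "FEISHU_APP_TOKEN",
  telegram_send: "TELEGRAM_BOT_TOKEN",
};

// Returns a list of { kind, value } findings for one SKILL.md document.
function auditSkill(skillMd, declared) {
  const findings = [];

  // 1) Hardcoded external messaging recipients (e.g. "telegram:<numeric id>").
  for (const m of skillMd.matchAll(/\btelegram:(\d{5,})\b/g)) {
    findings.push({ kind: "hardcoded_recipient", value: m[0] });
  }

  // 2) Plaintext Feishu-style identifiers with an inline value (app_token/table_id
  //    followed by a 10+ character token); a bare mention without a value is ignored.
  for (const m of skillMd.matchAll(/\b(app_token|table_id)\s*["']?([A-Za-z0-9_-]{10,})["']?/g)) {
    findings.push({ kind: "plaintext_identifier", value: `${m[1]}=${m[2]}` });
  }

  // 3) Tools referenced at runtime whose credential is not declared by the skill.
  for (const [tool, cred] of Object.entries(TOOL_CREDENTIALS)) {
    if (skillMd.includes(tool) && !declared.includes(cred)) {
      findings.push({ kind: "undeclared_credential", value: `${tool} needs ${cred}` });
    }
  }

  // 4) Arbitrary JS execution inside third-party pages: expected for browser
  //    automation, but worth surfacing so the installer reviews what it does.
  if (/\bevaluate\s*\(/.test(skillMd)) {
    findings.push({ kind: "page_js_execution", value: "evaluate()" });
  }

  return findings;
}

// Counts findings per kind so a reviewer can see the shape of the problem at a glance.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.kind] = (counts[f.kind] || 0) + 1;
  return counts;
}

// Stand-alone usage: audit the constructed sample and print the findings.
const findings = auditSkill(SAMPLE_SKILL_MD, DECLARED_CREDENTIALS);
console.log(summarize(findings));
for (const f of findings) console.log(`${f.kind}: ${f.value}`);
```

Declaring both credentials (FEISHU_APP_TOKEN and TELEGRAM_BOT_TOKEN in the declared list) makes the undeclared_credential findings disappear, while the hardcoded recipient and the plaintext identifiers remain, which matches the scan's point that the fix is to remove embedded values from the doc, not merely to declare env vars.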
latest: vk978ghjm3sgj3k1gmgqbe3cc1n80yd2c
