Add to Cart from Bitable
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is meant to add shopping items from Bitable, but it can control your logged-in shopping browser and includes hardcoded product and Telegram-recipient behavior that could affect or disclose your cart activity.
Review this skill carefully before installing. Do not use it unless you remove the hardcoded product, set the Telegram recipient to your own account or disable notifications, and require a user-approved preview of every product, quantity, and destination domain before the agent touches your shopping cart.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The user may believe items are coming from their Bitable procurement table while the included code can add a specific hardcoded product instead.
The script accepts a bitableUrl parameter but uses a hardcoded product record instead of reading the user's Bitable table, contradicting the stated purpose and potentially adding an unintended item to the user's cart if executed.
const records = [
{
url: "https://detail.tmall.com/item.htm?id=701699369447",
spec: "62817【一字】3.0x100MM",
qty: 2
}
];Remove hardcoded shopping records, implement actual Bitable retrieval, and show a preview requiring user approval before any cart changes.
Incorrect, malicious, or stale table entries could cause the agent to navigate the logged-in browser and add unintended products or quantities.
The skill directs browser automation to open record-provided URLs and click add-to-cart controls, but does not show domain validation, per-item confirmation, quantity limits, or a safe dry-run step.
browser.open(profile='openclaw', targetUrl=productUrl) ... 找到"加入购物车"按钮并点击
Restrict URLs to verified Taobao/Tmall domains, validate quantities and specifications, and require a user-confirmed summary before clicking add to cart.
Actions may be performed under the user's logged-in Taobao/Tmall account without the permission boundary being clearly declared.
Using a named browser profile implies use of the user's existing shopping session, but the skill metadata declares no credential or account-access requirement.
browser.open(profile='openclaw', targetUrl=productUrl)
Declare the need for a logged-in shopping browser profile and require explicit user consent before using that profile for cart mutations.
Product or procurement information could be sent to a Telegram account that is not the installing user.
The workflow sends procurement/cart status to a fixed Telegram recipient rather than a user-specified destination, creating an unclear external data flow.
message(action='send', channel='telegram', to='telegram:1642489086', message='采购商品已加入购物车:\n- 商品1: ✅\n- 商品2: ✅\n...')
Make the notification recipient user-configurable, require confirmation before sending, and avoid including sensitive product details unless necessary.