jd-coupon
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a JD account, the agent could claim many coupons at once rather than only the specific coupon the user intended.
The skill advertises bulk and one-click coupon claiming, which can change a user's JD account state. This is aligned with the coupon purpose, but broad actions should not be performed without user approval.
- 批量领取 - 一键领取所有可用券
Require explicit confirmation of the JD account and coupon scope before any claiming action, especially bulk or one-click claiming.
The agent may need access to private JD account coupon information to answer account-specific questions.
Viewing already-claimed and expiring coupons implies access to the user's JD account data. The artifacts do not show credential handling or hidden token use, so this is a purpose-aligned access note rather than a concern.
- 已领券列表 - 可用优惠券 - 即将到期券
Use only user-approved JD login or API access, and do not provide passwords, cookies, or tokens unless the platform clearly explains how they are protected.