jd-coupon
AdvisoryAudited by VirusTotal on Apr 2, 2026.
Overview
Type: OpenClaw Skill Name: jd-coupon Version: 1.0.0 The skill bundle consists of standard metadata and functional instructions for an AI agent to manage JD.com coupons. There is no executable code, no evidence of data exfiltration, and no malicious prompt injection attempts within SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a JD account, the agent could claim many coupons at once rather than only the specific coupon the user intended.
The skill advertises bulk and one-click coupon claiming, which can change a user's JD account state. This is aligned with the coupon purpose, but broad actions should not be performed without user approval.
- 批量领取 - 一键领取所有可用券
Require explicit confirmation of the JD account and coupon scope before any claiming action, especially bulk or one-click claiming.
The agent may need access to private JD account coupon information to answer account-specific questions.
Viewing already-claimed and expiring coupons implies access to the user's JD account data. The artifacts do not show credential handling or hidden token use, so this is a purpose-aligned access note rather than a concern.
- 已领券列表 - 可用优惠券 - 即将到期券
Use only user-approved JD login or API access, and do not provide passwords, cookies, or tokens unless the platform clearly explains how they are protected.