03 Logistics Alert
Analysis
This instruction-only logistics skill has no code, but it should be reviewed because it can push user-provided anomaly judgments into supplier scoring/other skills and presents itself as an official Alibaba internal tool without clear provenance.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
如 AE-10 累计 ≥3次/月 → 触发限量评估 ... action_required: [供应商约谈, 暂停新单接入]
Batch anomaly detection can cascade from user-provided order data into supplier reviews and order-intake restrictions without clearly stated verification or approval gates.
author: 阿里巴巴内控部(思维训练版) ... 你是阿里巴巴内控部的物流异常预警专家
The skill frames itself as an Alibaba internal-control expert; with the provided registry source listed as unknown and no homepage, that authority claim is not substantiated by the artifacts.
reference: docs/GLOSSARY.md ... docs/INSUFFICIENCY-HANDLING.md ... docs/RULE-UPDATE-SOP.md ... docs/LINKING-SOP.md
The skill relies on referenced rule, insufficiency-handling, update, and linking documents that are not present in the provided file manifest.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
触发 Skill 2 联动:通知 Skill 2:该供应商有 AE-10 事件;Skill 2 追加违规记录(A4维度扣分)
The skill directs another skill to receive supplier incident data and change a scoring record, but it does not define the other skill's identity, permissions, data fields, or approval boundary.
记录每次异常,异常数据纳入供应商风险评分(联动风险评分Skill)
The artifact instructs persistent recording of anomaly data into supplier risk scoring, but does not define validation, retention, correction, or deletion controls.