Ecom Monitor - E-commerce Data Analysis Assistant

Pass

Audited by ClawScan on May 1, 2026.

Overview

No malicious behavior is shown, but this instruction-only skill points to missing scripts, external alert channels, and a cron setup that users should inspect before running.

This appears to be a coherent e-commerce monitoring skill, but it is packaged only as instructions. Do not run the referenced pip command, Python scripts, or cron installer unless those files are actually present from a trusted source and you have reviewed what they do, especially any email or WeChat alert behavior.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user finds or creates these missing files elsewhere, they could end up running code that was not part of this reviewed artifact.

Why it was flagged

The skill relies on a dependency file and helper scripts that are referenced by the instructions but are not included in the supplied file manifest, so any separately obtained files would need independent review.

Skill content

pip install -r requirements.txt ... python3 scripts/import_prices.py --input products.csv --output data/prices.json

Recommendation

Only run requirements.txt or scripts that are present, trusted, and inspected; avoid fetching missing files from unknown sources.

What this means

A scheduled monitor could keep running periodically and may continue sending alerts or modifying local data until removed.

Why it was flagged

This explicitly installs a recurring scheduled task. That is coherent with monitoring, but it is persistent behavior that continues after the initial setup.

Skill content

python3 scripts/setup_cron.py --install --interval 60

Recommendation

Before using the cron installer, confirm the scheduled command, data paths, logging behavior, and uninstall procedure.

What this means

Price, stock, or product identifiers might be included in notifications sent through external services, depending on how the missing alert script is implemented.

Why it was flagged

The skill discloses email/WeChat alert channels while also making a broad local-only/no-third-party-upload claim, leaving the exact alert data boundary unclear.

Skill content

"alert_channels": ["email", "wechat"] ... "Data security" - data is stored locally and is not uploaded to third parties

Recommendation

Review alert configuration and message contents before enabling email or WeChat notifications, especially for sensitive competitive or business data.