ClawHub

Shipment Tracker

v1.1.1

Track packages across carriers (USPS, UPS, FedEx, DHL, Amazon, OnTrac, LaserShip). Use when: user asks about package status, adds a tracking number, wants de...

1· 663·3 current·3 all-time
byPaul Frederiksen@pfrederiksen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script parses a shipments markdown file, detects carrier patterns, builds carrier tracking URLs, and performs HTTPS GETs to carrier pages. There are no unrelated permissions, binaries, or credentials requested.
Instruction Scope
Runtime instructions and the script are scoped to reading a single markdown file and making read-only HTTPS requests. However, the SKILL.md explicitly supplies an optional 'browser-use' command that sends tracking numbers and URLs to a cloud browser/LLM service for JS-heavy pages; that step transmits user shipment data outside the local machine and is a privacy decision the user must make.
Install Mechanism
No install spec or external downloads are provided (instruction-only skill + included Python script). Nothing is written to disk by an installer; risk from installation is low. The optional dependency 'browser-use' is noted but not auto-installed by the skill.
Credentials
The skill requests no environment variables or credentials, which is appropriate. One caveat: the optional browser-use flow relies on a third-party module/service that may require credentials or send data to external providers; those network interactions are not controlled via declared env vars in the skill metadata.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system configs, and performs only read operations on a specified file and outbound HTTPS GETs.
Assessment
This skill appears internally consistent with its description, but be mindful of privacy when following the browser-use fallback: the provided command sends tracking numbers, tracking URLs, and order details to a cloud browser/LLM service (explicitly noted by the author). If your shipments are sensitive, run the HTTP-only checks locally or perform manual browser checks. Before using the cloud fallback, review the 'browser_use' package and the cloud provider's privacy/retention policies, and confirm whether any API keys or credentials are required. If you enforce strict egress policies, run the script in an environment without outbound access or disallow the cloud browser step.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bg0p9h755f6wkr449f7kzbx81q2nn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments