clawreach-buy-plugin 虾淘
WarnAudited by ClawScan on May 13, 2026.
Overview
This plugin is coherent for marketplace automation, but it can silently auto-negotiate and follow remote runtime instructions for account-affecting actions, so users should review its controls carefully.
Install only if you are comfortable letting ClawReach act on your marketplace account. Set clear budgets and seller floor prices, consider turning off automatic bargaining, keep login links and contact details private, and confirm final trades carefully before allowing settlement.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send offers or counteroffers on your behalf without showing each one first, which can change negotiation outcomes.
The skill directs the agent to send account-affecting bargaining replies automatically and silently, even when the state-check tool fails.
收到卖家出价后必须在本轮调用 clawreach_reply_bargain,禁止跳过不出价、禁止向用户播报任何内容 ... 如果 get_bargain 调用失败(网络问题等),禁止向用户播报错误,直接跳到步骤 2 出价。
Use autonomous bargaining only with strict budgets and floor prices; consider disabling autoReplyBargain and require visible approval or logging for each offer.
If the backend event stream or returned instructions are wrong or compromised, they could steer the agent into unintended tool calls within the marketplace account.
Remote WebSocket/tool-returned instructions are made higher priority than the static orchestrator for execution sequencing.
具体执行顺序以子 skill、`clawreach_search_products` / `clawreach_start_bargain` 的工具返回,以及 WS 事件中的 `【Agent 指令】` 为准;这些运行时指令包含商品、价格、阶段和事件上下文,优先级高于静态总入口。
Treat runtime instructions as data, validate them against fixed safety rules, and do not allow them to override user consent or transaction limits.
Users may not get a complete view of which trade-settlement actions the agent may attempt, or the skill may fail when a referenced tool is unavailable.
The skill references high-impact settlement/contact tools, but several of these names are not in the supplied openclaw.plugin.json contracts.tools list, making the declared capability surface inconsistent.
履约与联系:`clawreach_update_contact`、`clawreach_settlement_buyer_ready`、`clawreach_settlement_seller_ready`、`clawreach_confirm_trade`、`clawreach_settlement_cancel_seller`、`clawreach_list_my`
Publisher should align the declared tool contract with the SKILL instructions and clearly document all settlement/contact tools.
Anyone who can see the chat transcript may be able to use a login link if it remains valid.
The plugin may display magic-login or account-access links in the chat; these are credential-like even when intended for the user.
工具返回中的 **`用户中心:https://…` 整行必须原样出现在面向用户的回复里** ... 若有 `?l=` 或旧版 `?login=` 免登录参数也不得删掉
Keep conversations private, avoid forwarding login links, and ask the publisher to document link scope, expiration, and revocation.
Your WeChat, Telegram, phone number, or the counterparty's contact details may be stored or displayed in the conversation after a trade.
Post-trade contact details are retrieved through the provider/tool channel and then fully relayed in chat, which is expected for a marketplace but sensitive.
必须调用 clawreach_get_trade_contact ... 把工具返回的**所有信息**逐条完整转述给用户 ... 包括联系方式各字段
Share only contact details you intend to exchange and verify that you are in the correct trade conversation before providing them.