ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shopify Category Collector

v1.0.0

Shopify 网店分类链接采集器 - 自动从导航提取真实分类层级,处理 Ajax 懒加载下拉菜单,一级分类二级分类分别放在不同单元格,输出 CSV。支持 Shopify 多级别分类导航。

0· 214·0 current·0 all-time
by@qirongzhang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qirongzhang/category-collector.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Shopify Category Collector" (qirongzhang/category-collector) from ClawHub.
Skill page: https://clawhub.ai/qirongzhang/category-collector
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install category-collector

ClawHub CLI

Package manager switcher

npx clawhub@latest install category-collector
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (Shopify category collector) align with the included scripts: multiple Node.js/Playwright scrapers that navigate shop pages, extract menu/breadcrumbs, take screenshots and write CSVs. Playwright is an expected dependency for this purpose.
Instruction Scope
SKILL.md and scripts instruct the agent/user to run node collect*.js to visit the target site(s), capture screenshots, traverse links and save CSVs. The instructions and code only read page content and write local files; they do not exfiltrate data to external endpoints. Note: the skill will visit many category pages (makes outbound requests to the target domain) and will save screenshots/CSV to disk.
!
Install Mechanism
Registry metadata claims 'instruction-only' / no install spec, but the package contains package.json and package-lock (Playwright dependency). There is no install step declared for the agent; running the scripts requires 'npm install' and Playwright browser binaries (npx playwright install chromium). package-lock references a mirror (registry.npmmirror.com) which is a non-default npm mirror — not necessarily malicious but worth noting. The missing install spec is an operational inconsistency and could cause failures or surprises if the agent tries to run scripts without installing dependencies.
Credentials
No environment variables, credentials, or config paths are requested. The scripts only write files to disk (default output C:\workspace\caiji) and take screenshots. No secrets are required or used.
Persistence & Privilege
Skill does not request 'always: true', does not modify other skills, and does not persist credentials. It writes output files and screenshots into a filesystem path under the user's control. That is expected for a scraper tool.
What to consider before installing
This package appears to be a coherent Shopify navigation scraper, but take these precautions before installing or running it: - Review and run the code in an isolated environment (VM/container) first. The scripts will launch a browser and visit many pages on the target site and write files locally. - Install dependencies explicitly: run 'npm install' in the package directory, then 'npx playwright install chromium' (Playwright requires browser binaries). The package-lock references a mirror (npmmirror); you may prefer to use the official registry (registry.npmjs.org) when installing. - Edit the default output path: the scripts default to C:\workspace\caiji (Windows). Change it to a safe, platform-appropriate directory before running to avoid path errors or accidental writes. - Be mindful of scraping policies and rate: visiting many category pages may be rate-limited or violate a site's Terms of Service — obtain permission if needed and throttle requests. - Because the registry metadata omitted an install spec but code exists, the agent/operator must ensure dependencies and Playwright browsers are installed; otherwise the scripts will fail. If you want me to: (a) generate a safe install/run checklist (commands to run in a sandbox), (b) point out any specific lines of code to change (e.g., default paths, headless flag), or (c) re-audit for any additional concerns, tell me which and I will provide tailored steps.
collect-improved.js:234
Dynamic code execution detected.
debug-liverpool.js:78
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ehwfp7jamwm3fkab8vh1bh835eqb
214downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@qirongzhang
latest
Download

Shopify 分类采集器 (Category Collector)

自动采集 Shopify 网店分类链接,从导航结构提取真实分类层级,一级分类和二级分类分别放在不同单元格,输出标准 CSV 文件。

功能特点

  • 从导航结构提取真实层级 - 不是仅从 URL 猜测,而是根据实际导航菜单提取
  • 处理 Ajax 懒加载 - 支持需要鼠标悬停才加载的下拉菜单
  • 一级/二级分类分开 - 一级分类放在一个单元格,二级分类放在另一个单元格
  • 根据实际层级分栏 - 有多少层分多少层,自动检测实际深度
  • 清晰中文表头 - Excel 可以直接打开,一目了然
  • 自动创建输出目录 - 自动截图保存首页

适用场景

这个技能特别适合:

  • Shopify 网店分类导航采集
  • 一级菜单 + 下拉二级菜单结构
  • Ajax 懒加载下拉菜单(主题常用结构)
  • 需要将层级分别导出到不同单元格

使用方法

# 采集分类(默认输出到 C:\workspace\caiji)
node collect.js <网站URL>

# 指定输出目录
node collect.js <网站URL> C:\输出目录

# 查看帮助
node collect.js

CSV 输出格式(完全符合要求)

列名说明
完整链接分类页面的完整 URL
URL 路径 slugURL 中的路径部分
一级分类提取的第一级分类名称
二级分类提取的第二级分类名称
实际层级深度实际有多少级分类

示例(你要求的格式)

对于链接 https://lulumonclick-eu.shop/collections/women-women-clothes-tank-tops

字段
完整链接https://lulumonclick-eu.shop/collections/women-women-clothes-tank-tops
URL 路径 slugwomen/women-clothes-tank-tops
一级分类Women
二级分类Women Clothes Tank Tops
实际层级深度2

对于 https://shop.futvortexstore.com/collections/liverpool

字段
完整链接https://shop.futvortexstore.com/collections/liverpool
URL 路径 slugpremier-league/liverpool
一级分类Premier League
二级分类Liverpool
实际层级深度2

完全符合你的要求! 👍

安装

npm install
# 如果你已经安装了 playwright,不需要重复安装

依赖:

  • playwright(已安装)

测试结果

https://shop.futvortexstore.com/ 测试:

  • 找到 10 个一级分类
  • 采集到 42 个分类
  • 其中 6 个一级分类有二级分类,共 32 个二级分类
  • 正确提取层级:Premier League 一级 → Liverpool 二级 ✅

作者

Created by OpenClaw 根据需求自动生成

Comments

Loading comments...