Ruofan Bargain Arena
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill coherently helps users bargain for a Ruofan coupon through a disclosed API, with the main caution that messages are sent to Ruofan and may be publicly displayed.
This skill appears safe for its stated coupon-bargaining purpose. Use a nickname that does not reveal private information, do not send sensitive details in the bargain messages, and keep any returned session token or coupon code private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may transmit the user's nickname and bargaining text to Ruofan's service to participate in the coupon activity.
The skill instructs the agent to make outbound API calls to join the activity and send bargain messages.
curl -X POST https://www.ruffood.com/api/bargain/join ... curl -X POST https://www.ruffood.com/api/bargain/message
Use the skill only if you are comfortable sending the bargain conversation to Ruofan; do not include private or sensitive information.
Anyone with the session token may be able to access the related bargain session or coupon result.
The session token is a bearer-like value used to continue or view the bargain session.
成功后会返回 `session_token` 和若小饭的欢迎消息。**务必保存 session_token**
Treat the session token and any coupon code as session-specific private information and avoid sharing them outside the conversation.
Bargaining messages may become public, so personal details included in the conversation could be exposed.
The artifact discloses that the bargaining process will be publicly shown on Ruofan's website.
砍价过程将公开展示在若饭官网的活动页面上,注意不要泄漏任何隐私内容
Before using the skill, keep messages non-sensitive and consider having the agent remind the user that the activity may be publicly displayed.