Ruofan Bargain Arena
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for a Ruofan coupon-bargaining activity, but it shares the user's participation code, nickname, and messages with Ruofan's API and uses a session token.
This appears safe to use if you intend to join the Ruofan bargaining activity. Before using it, verify the event/domain, provide only the required passphrase and a nickname you are comfortable sharing, avoid personal details because the activity may be publicly displayed, and keep the returned session token private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the session token may be able to continue or inspect the bargain session.
The skill requires retaining and reusing a session token that controls the bargain conversation; this is necessary for the activity but should be handled like a credential.
成功后会返回 `session_token` 和若小饭的欢迎消息。**务必保存 session_token**,后续对话都需要它。
Use the token only for this activity, avoid exposing it in unrelated chats or public places, and stop using the skill if you do not trust the service.
The external service receives the user's participation code, nickname, and bargaining messages.
The skill sends the user's activity passphrase and nickname to an external API, and later sends bargain messages to the same service.
curl -X POST https://ruffood.com/api/bargain/join ... -d '{"passphrase": "用户提供的暗号", "name": "用户昵称"}'Only provide information intended for this Ruofan activity, and do not include private or sensitive details in bargain messages.
Users have less registry-level context for confirming that the skill is officially associated with the Ruofan activity.
The skill has no runnable install artifacts, but its registry metadata does not provide a source or homepage for users to verify provenance.
Source: unknown; Homepage: none
Verify the event and ruffood.com endpoint through trusted Ruofan channels before entering a one-time activity passphrase.