Sycm Analysis Skill
v1.0.0Taobao Sycm (Business Advisor) data analysis tool. Use when the user wants to retrieve a store's weekly business report, generate business insights, or fetch...
⭐ 0· 77·1 current·1 all-time
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the runtime instructions: the skill polls Sycm internal endpoints to request and retrieve a weekly report. No unrelated services, binaries, or credentials are requested.
Instruction Scope
Instructions focus on Sycm endpoints and require the user to be logged into sycm.taobao.com. They instruct the agent to prompt the user for QR login, poll the login page, and perform fetch requests to Sycm APIs. Note: the workflow explicitly instructs use of an Exec tool to poll the login page; while coherent for checking redirects, Exec can run arbitrary commands on some platforms — the instructions constrain it to network polling, but this is the one place to review if you are concerned about command execution privileges.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk. This is low-risk from an install perspective.
Credentials
No environment variables or external credentials are requested. The skill requires the user to be logged-in in their browser (session/cookies) to access Sycm, which is proportionate to the stated task.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges here.
Assessment
This skill appears to do exactly what it says: it will use your logged-in Sycm browser session to call Sycm endpoints, poll for report generation, and return the Markdown content. It asks for no extra API keys or installs. Before using it: (1) be aware it will access your Sycm session/cookies — only run it if you trust the skill and you are comfortable exposing that session to the agent; (2) review any returned report before pasting or sharing it elsewhere (it may contain private business data or Qianniu links); (3) if you are concerned about the agent running shell commands, ask for clarification about what the platform Exec tool will run (the skill's instructions confine it to polling the login page, but Exec capabilities vary by platform); (4) because the skill source/homepage is unknown, prefer to use it interactively rather than granting broad autonomous privileges in high-risk environments.Like a lobster shell, security has layers — review code before you run it.
latest
Sycm Analysis Skill
Overview
This skill retrieves weekly business reports from Taobao Sycm by calling internal APIs via a browser session. It handles login verification, asynchronous polling for report generation, and returns the full Markdown report.
Core Workflow Steps
- Login Check – Ensure the user is logged into
sycm.taobao.com. If redirected tologin.taobao.com, prompt the user to complete QR‑code login and poll until the session is authenticated. - Initiate Report Request – Send a request to
https://sycm.taobao.com/ucc/next/message/send.jsonwith the query查看周报. ExtractconversationCodeandsendTimefrom the JSON response. - Poll for Result – Every 5 seconds, request
https://sycm.taobao.com/ucc/next/message/getReportResult.json?conversationCode={conversationCode}&sendTime={sendTime}untildata.contentis non‑empty or a 5‑minute timeout is reached. - Return Report – Output the
data.contentMarkdown directly to the user, preserving charts, links, and Qianniu URLs.
Usage Example
openclaw skill run sycm-analysis-skill
The skill will guide the user through login if needed and then provide the weekly report.
References
Full technical details, API endpoints, and error‑handling matrix are in references/workflow.md.
Created by Simon Cai · More e-commerce skills: github.com/simoncai519/open-accio-skill
Comments
Loading comments...