ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pinduoduo Automation

拼多多管家支持商品管理、订单处理、数据分析、竞品监控及智能定价,助力店铺运营自动化和销售优化。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 358 · 0 current installs · 0 all-time installs
by@wukaikai522
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md claims extensive capabilities (商品管理, 订单处理, 竞品监控, 智能定价, 报表/自动化), but the repository contains only two small placeholder shell scripts and a config template. There are no binaries, no implementation of the CLI commands referenced (e.g., `pinduoduo-automation daily-report`, `diagnose`, `test-connection`), and many files referenced in the file tree (product_manager.sh, order_processor.sh, data_analyzer.sh, pricing_engine.sh, README.md) are missing. The declared functionality is disproportionate to the actual artifacts included.
!
Instruction Scope
Runtime instructions tell the user to edit a config file under ~/.openclaw/workspace/skills/... and run named CLI commands, but the package contains no executable or entrypoint implementing those commands. The two provided scripts are inert placeholders that only echo TODO content and one writes a static report with zeros. The SKILL.md also asserts encryption of API keys and logging practices, but no mechanism or scripts to implement those security features are present. Instructions are therefore misleading and grant the agent wide discretion without concrete implementation.
Install Mechanism
There is no install specification (instruction-only with a couple of small scripts). That is low-risk from an automatic install perspective because nothing is automatically downloaded or executed during install.
Credentials
No environment variables or credentials are required by the registry metadata, but config.yaml includes fields for app_key, app_secret, and access_token (expected for an API-integrated ecommerce tool). This is not inherently excessive, but the skill does not declare or implement secure storage or an expected method for those secrets; SKILL.md claims encrypted storage but provides no code to perform it. Also the absence of declared required env vars while a config file expects Secrets may confuse users.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (defaults). It makes no request to change other skills or system-wide settings. There is no install-time persistence mechanism in the package.
What to consider before installing
This package appears to be an incomplete or placeholder 'Pinduoduo automation' skill rather than a working product. Before installing or providing any API keys: 1) Ask the author for the canonical source repository or release that implements the CLI and encryption/logging claims; 2) Do not paste real app_key/app_secret/access_token into the config.yaml until you confirm how they are stored/used; 3) Verify the presence of actual network/HTTP client code that talks to open.pinduoduo.com and review it for secure handling of credentials; 4) Because the skill references a paid model and payment account setup, confirm the vendor and payment flow externally rather than via these files; 5) If you want to test, run it in an isolated environment (no production credentials) and expect the current scripts to only generate static demo reports. The inconsistencies could be benign (work-in-progress) but also mean the package is not yet suitable for real use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.2
Download zip
latestvk9775kpv0g3xq551t62gn27y0d81yxjz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

拼多多管家 - 店铺运营自动化系统

🎯 技能概述

整合版拼多多商家自动化管家,融合店铺运营、数据分析、竞品监控、自动定价等核心能力。

🔧 核心能力

1. 店铺运营管理

  • 商品上下架自动化
  • 库存同步与预警
  • 订单自动处理
  • 物流跟踪

2. 数据分析

  • 销售日报/周报/月报
  • 流量来源分析
  • 转化率监控
  • ROI 计算

3. 竞品监控

  • 价格监控与预警
  • 销量追踪
  • 评价分析
  • 差异化建议

4. 智能定价

  • 成本 + 利润自动计算
  • 竞品价格对比
  • 动态定价策略
  • 促销活动建议

5. 营销自动化

  • 详情页自动生成
  • 客服话术库
  • 促销活动配置
  • 评价回复模板

📁 文件结构

pinduoduo-automation/
├── SKILL.md              # 本文件
├── README.md             # 使用文档
├── config.yaml           # 配置文件
├── scripts/
│   ├── product_manager.sh    # 商品管理
│   ├── order_processor.sh    # 订单处理
│   ├── data_analyzer.sh      # 数据分析
│   ├── competitor_monitor.sh # 竞品监控
│   └── pricing_engine.sh     # 定价引擎
└── reports/              # 报告输出目录

⚙️ 快速开始

1. 配置店铺信息

# 编辑配置文件
nano ~/.openclaw/workspace/skills/pinduoduo-automation/config.yaml

# 填写店铺 ID、API 密钥等

2. 运行诊断

# 检查配置
pinduoduo-automation diagnose

# 测试连接
pinduoduo-automation test-connection

3. 执行任务

# 生成销售日报
pinduoduo-automation daily-report

# 监控竞品价格
pinduoduo-automation monitor-competitors

# 自动定价建议
pinduoduo-automation pricing-suggestions

📊 报告输出

  • 每日销售报告:reports/daily-YYYY-MM-DD.md
  • 竞品分析报告:reports/competitor-YYYY-MM-DD.md
  • 定价建议报告:reports/pricing-YYYY-MM-DD.md

🔐 安全说明

  • API 密钥加密存储
  • 操作日志记录
  • 敏感数据脱敏
  • 权限最小化原则

💰 商业模式

  • 自用:免费
  • 多店铺管理:按需定制
  • 数据分析报告:可对外服务

版本: 2.0.0 (整合版) 状态: 开发中 优先级: 最高

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…