Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

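Taobaoke All-in-One Toolkit

A practical toolkit that provides affiliate link conversion for Taobao, JD, and Pinduoduo product links, cross-platform price comparison, one-click price protection, and commission tracking.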

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The described purpose (link conversion, price-compare, price-protect, commission tracking) reasonably requires platform API keys (Zhetaoke, JD, Taobao, PDD). However the skill metadata declares no required env vars or config paths while the instructions explicitly require multiple API credentials and a specific ~/.openclaw/.env path. That mismatch is an incoherence: either the metadata is incomplete or the instructions expect out-of-band setup.
! Instruction Scope
The SKILL.md tells the agent/user to run Python scripts from ~/.openclaw/workspace/skills/taobaoke-tool/scripts/*.py and to place credentials in ~/.openclaw/.env. There are no code files and no install spec in the package — the referenced scripts are not present. Instructions also reference remote API endpoints and include what appear to be hardcoded credentials/sample keys. Directing the user to run non-existent scripts and to store credentials without declaring them is scope creep and a practical risk.
! Install Mechanism
There is no install specification (instruction-only). Normally low risk, but because the instructions expect local Python scripts under the skill's workspace and no mechanism is provided to install or fetch them, the skill as-distributed is non-functional unless external steps are taken. That gap is a red flag: it requires manual file placement from an unspecified source.
! Credentials
The SKILL.md requires multiple API credentials (ZHETAOKE_APP_KEY, ZHETAOKE_SID, JD_UNION_ID, TAOBAO_PID, PDD_PID) and even includes specific key-like values inline. While platform API keys are plausible for the stated functions, the registry lists no required env vars/primary credential, and the inclusion of apparent real keys in the docs is risky and unexplained (could be sample/test keys or leaked secrets). The skill also instructs storing secrets in ~/.openclaw/.env which centralizes credentials — this should be made explicit in metadata and security guidance.
Persistence & Privilege
The skill does not request always: true and does not claim to modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation: false) is platform default and not by itself a new concern. The main issue is missing install files rather than elevated privileges.
What to consider before installing
This skill's instructions expect API keys and local Python scripts, but the package contains only SKILL.md and no install steps or code. Before installing or running anything:

  1. Do not copy/paste the API key values shown in the README into your environment — they may be sample, expired, or leaked credentials.
  2. Ask the publisher for a proper install spec or the actual script files, and verify their origin (official repository, release tarball, or verified skill source).
  3. Confirm which env vars are actually required and why, and prefer creating dedicated API keys you can revoke.
  4. If you must test, run the scripts in a restricted sandbox (isolated VM/container) and monitor network calls to see which endpoints are contacted (the doc references zhetaoke.com).
  5. If you cannot verify the source or obtain trustworthy install artifacts, avoid adding credentials to ~/.openclaw/.env or running unknown Python scripts — the current manifest is inconsistent and could lead to accidental credential exposure or running unreviewed code.
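
The mismatches the scan describes (env vars used by the instructions but not declared in the metadata, concrete key-like values written inline, scripts referenced but not packaged) can be checked mechanically before installing. The following is an added example, not ClawHub's or OpenClaw's scanner code; the function names, the placeholder heuristic and the sample text are assumptions constructed for illustration.

```python
import re

# Shell-style assignments such as `export NAME=value` in a skill's instructions.
EXPORT_RE = re.compile(r"^[ \t]*(?:export[ \t]+)?([A-Z][A-Z0-9_]*)=(\S+)[ \t]*$", re.M)
# Template-looking values; this heuristic is an assumption of the example.
PLACEHOLDER_RE = re.compile(r"^(<.*>|\$\{?\w+\}?|your[_-].*|x+|changeme)$", re.I)
# Python scripts the instructions tell the user to run.
SCRIPT_RE = re.compile(r"[\w./~-]*\.py\b")

# Constructed sample; names and values are illustrative, not real credentials.
SAMPLE_DOC = """\
# required
export EXAMPLE_APP_KEY=0123456789abcdef0123456789abcdef
export EXAMPLE_SID=<your-sid>
python3 ~/.openclaw/workspace/skills/example-skill/scripts/example_master.py <link>
python3 example_convert.py <token>
"""


def basename(path):
    return path.rsplit("/", 1)[-1]


def audit_skill(doc, declared_env, packaged_files):
    """Compare what the instructions use with what the package declares."""
    exports = {name: value.strip("'\"") for name, value in EXPORT_RE.findall(doc)}
    referenced = {basename(m) for m in SCRIPT_RE.findall(doc)}
    packaged = {basename(p) for p in packaged_files}
    return {
        # Env vars the instructions need but the metadata never declares.
        "undeclared_env": sorted(set(exports) - set(declared_env)),
        # Assignments carrying a concrete value instead of a placeholder.
        "inline_values": sorted(n for n, v in exports.items()
                                if not PLACEHOLDER_RE.match(v)),
        # Scripts referenced by the instructions but absent from the package.
        "missing_scripts": sorted(referenced - packaged),
    }


if __name__ == "__main__":
    # Registry metadata declares no env vars; the package holds only SKILL.md.
    for finding, items in audit_skill(SAMPLE_DOC, set(), {"SKILL.md"}).items():
        print(f"{finding}: {items}")
```

Any non-empty finding is a reason to stop and ask the publisher before putting credentials in a shared env file.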

Like a lobster shell, security has layers — review code before you run it.

Current version: v2.1.0
latestvk97bnv6t149pb92cs5sjs0r8vh82p8x9

SKILL.md

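Taobaoke All-in-One Toolkit - Taobaoke Toolkit

A one-stop Taobaoke (Taobao affiliate) solution supporting link conversion, cross-platform price comparison, automatic price protection, and commission tracking.

🎯 Core features

  • 🔗 Smart link conversion: Taobao/JD/Pinduoduo links are automatically converted into your commission links
  • 💰 Cross-platform price comparison: compares prices on the three major platforms to find the lowest price
  • 🛡️ One-click price protection: automatically applies for JD/Taobao price protection to recover the price difference
  • 📊 Commission tracking: records link conversion and transaction data
  • 🚀 High-commission link conversion: obtains the highest commission through the Zhetaoke API

📦 Supported platforms

| Platform | Supported formats | Product information | Commission information |
|---|---|---|---|
| Taobao | Taokouling (Tao token), links | ✅ Full | ✅ Full |
| JD | Short links, standard links | ✅ Full | ✅ Full |
| Pinduoduo | mobile.yangkeduo.com links | ⚠️ Basic | ⚠️ Basic |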

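🔧 Configuration parameters

Configure in ~/.openclaw/.env:

# Zhetaoke (required)
export ZHETAOKE_APP_KEY=07d16b40e9c7485d8573f936173aa6d9
export ZHETAOKE_SID=41886

# JD Union (required for JD link conversion)
export JD_UNION_ID=1001703383

# Taobao Alliance (required for Taobao link conversion)
export TAOBAO_PID=mm_200970015_125850084_116244500128

# Duoduo Jinbao (optional, for Pinduoduo link conversion)
export PDD_PID=8834451_187671353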

🚀 Usage

Main program (recommended)

python3 ~/.openclaw/workspace/skills/taobaoke-tool/scripts/taobaoke_master.py <link>

Examples:

# Taobao Taokouling (Tao token)
python3 taobaoke_master.py "¥yKnuUEInvoQ¥ CZ11/"

# JD link
python3 taobaoke_master.py "https://u.jd.com/NOPmtDz"

# Pinduoduo link
python3 taobaoke_master.py "https://mobile.yangkeduo.com/goods.html?goods_id=123456"

Individual feature scripts

1. Link conversion for all three platforms

python3 convert_all_platforms.py <link>

2. Taobao link conversion

python3 taobao_convert_v2.py <Tao token>

3. JD link conversion

python3 jd_batch_convert.py <JD link>

📋 Sample output

🎉 转链成功!

📦 NEW BALANCE NB 男鞋女鞋2002R系列
💰 券后价: ¥659
💰 原价: ¥699
💎 佣金: ¥11.78 (2%)

🔗 你的推广链接:
   链接: https://u.jd.com/NGBSezK

✅ 用户通过此链接购买,你将获得佣金!

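🔗 API reference

Taobao link conversion

  • Endpoint: https://api.zhetaoke.com:10001/api/open_gaoyongzhuanlian_tkl_piliang.ashx
  • Required parameters: appkey, sid, pid, tkl
  • Returns: Tao token, short link, product information, commission

JD/Pinduoduo link conversion

  • Endpoint: http://api.zhetaoke.com:20000/api/open_gaoyongzhuanlian_tkl_piliang.ashx
  • Required parameters: appkey, unionId, tkl
  • Returns: promotion link

📦 Dependent skills

  • taobao - Taobao/JD/Pinduoduo price comparison
  • ecommerce-price-comparison - e-commerce price comparison
  • ecommerce-scraper - e-commerce data scraping
  • jd-price-protect - automatic JD price protection
  • taobao-image-search - Taobao search for the same item by image

📝 Version history

| Version | Date | Changes |
|---|---|---|
| v1.0.0 | 2026-03-11 | Initial version, basic link conversion |
| v2.0.0 | 2026-03-11 | Integrated link conversion for the three platforms, added the main program |
| v2.1.0 | 2026-03-11 | Added product information display, improved output format |

💡 Usage tips

  1. Prefer the main program taobaoke_master.py, which automatically identifies the platform and converts the link
  2. Taobao Tao token: the most complete conversion, including product information and commission
  3. JD links: full conversion, with product details supported
  4. Pinduoduo: basic conversion, can generate a promotion link

⚠️ Notes

  • Make sure the correct API keys are configured before converting links
  • Taobao link conversion requires sid and pid to match
  • JD link conversion requires unionId
  • Commission rates and amounts are subject to the actual transaction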
