Alibaba Store Analysis
v1.0.0Alibaba International Station weekly business report analysis skill. Retrieves store weekly report data via browser session, validates, and presents structur...
⭐ 0· 118·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's purpose (pulling Alibaba weekly report data via a browser session) matches the instructions: open i.alibaba.com, use the browser context to call Alibaba CRM endpoints, and present structured diagnostics. It does not request unrelated binaries, environment variables, or installs.
Instruction Scope
Instructions confine actions to the user's browser session and Alibaba CRM endpoints (diagnoseData.json and queryWeekReportAllData.json). The agent is instructed to prompt the user to log in and to fetch using credentials:'include'. This is appropriate for the task, but the skill relies on executing fetch in the browser context and on holding the retrieved full-report JSON in memory for later queries — both are functional but merit user attention because the privacy guarantee is only normative (not enforced). The instructions do not direct data to any external domains beyond Alibaba.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded. This is the lowest-risk install model.
Credentials
The skill requests no environment variables, credentials, or config paths. It operates using the user's existing browser session (cookies) which is proportional to the stated function.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request persistent system privileges or modifications to other skills. It will retain the report JSON in session memory to answer follow-up questions, which is expected behavior for this use case.
Scan Findings in Context
[no-regex-findings] expected: The package is instruction-only and the regex scanner had no code files to analyze. This is expected for a purely procedural SKILL.md.
Assessment
This skill appears coherent with its stated purpose: it uses your browser session to fetch report data from Alibaba and does not request extra credentials or install code. Before installing: (1) confirm you trust the skill author (homepage is missing and the README links to a GitHub user; consider reviewing that repo if available), (2) be aware the skill runs fetch calls in your browser context and will read data accessible via your logged-in session (cookies), (3) do not paste or run arbitrary scripts in your primary browser profile — consider using an isolated browser profile or a dedicated account if data sensitivity is a concern, (4) the SKILL.md states 'do not store or transmit elsewhere' but that is a guideline, not a technical guarantee; avoid using the skill with accounts containing highly sensitive data unless you reviewed the workflow and trust the skill. If you want stronger assurance, ask the developer for the original repo/source or request the skill be packaged with a signed homepage link and explicit provenance.Like a lobster shell, security has layers — review code before you run it.
latestvk9799p1tejt9bkvcfsxb9xgc6x84r1y0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.