ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

baidu-aicaigou-saas

v1.0.2

百度爱采购 SaaS 通用运营技能,覆盖商品管理、素材管理、店铺运营、营销活动与数据查看等任务。用户提到"爱采购"时优先使用本技能。

0· 106·0 current·0 all-time
byBrook@yangmiemie99

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yangmiemie99/baidu-aicaigou-saas.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "baidu-aicaigou-saas" (yangmiemie99/baidu-aicaigou-saas) from ClawHub.
Skill page: https://clawhub.ai/yangmiemie99/baidu-aicaigou-saas
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install baidu-aicaigou-saas

ClawHub CLI

Package manager switcher

npx clawhub@latest install baidu-aicaigou-saas
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
技能名与描述(百度爱采购后台的素材与商品管理)与 SKILL.md 中的浏览器自动化流程、目标 URL 和子能力相符。没有要求与功能不相关的外部服务或环境变量。
Instruction Scope
运行时说明明确要求有头浏览器、检查登录态、访问本地图片路径并通过 DOM 自动化将本地文件上传到目标站点;这些操作与所述任务直接相关 but the skill also instructs polling login state (up to 6 times) and to read browser pre-filled credentials when present — these behaviors touch sensitive local state (browser autofill, local filesystem) though they are plausible for automation.
!
Install Mechanism
There is no formal install spec, but instructions instruct automatically installing 'playwright-cli' via pip (python3 -m pip install -U playwright-cli). Installing a PyPI package at runtime is a moderate risk (arbitrary code execution from third-party package). This is proportionate for browser automation but is not declared in metadata and could be surprising to users.
Credentials
The skill declares no required env vars or credentials, which is consistent, but its runtime guidance expects access to local file paths and may rely on browser-stored (pre-filled) account/passwords. Accessing browser autofill or local files implies reading sensitive data not declared as required credentials; this is explainable by the automation use case but worth flagging to users.
Persistence & Privilege
Skill is user-invocable, not always-enabled, and allows model invocation (normal). It does not request persistent privileges or modify other skills' configs in the provided instructions.
What to consider before installing
This skill appears to do what it says (automating Baidu 爱采购 via a headed browser) but it will: (1) attempt to install a PyPI package (playwright-cli) if missing — installing packages at runtime can run arbitrary code; (2) access local image file paths to upload; (3) rely on browser login state and may use pre-filled credentials stored in the browser. Before installing/running: only use if you trust the skill source; run in an isolated environment or VM if possible; review and approve any automated package installs (consider manually installing vetted tooling yourself); require explicit confirmation for high-risk actions like publish/delete; and avoid supplying sensitive credentials to the agent. If you need higher assurance, ask the author for a signed release or a minimal install spec (official playwright package or documented binary) and for clarity on how login credentials are used.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a61dxxsv2k1r0wbyqh1k31584jgvk
106downloads
0stars
3versions
Updated 2w ago
v1.0.2
MIT-0
Brook@yangmiemie99
latest
Download

百度爱采购 SaaS 运营技能

用于执行百度爱采购 SaaS 后台相关任务。先识别任务类型,再路由到对应子能力流程。

触发规则

当用户输入包含以下任一语义时,优先引用本技能:

  • 爱采购 / 百度爱采购
  • 爱采购 SaaS / 爱采购后台
  • 百度 B2B 店铺运营 / B2B 商家后台

任务路由

根据用户需求,路由到对应子能力:

用户意图子能力文件
上传图片到素材库素材库上传capabilities/material-upload.md
新建/编辑/上下架商品商品维护capabilities/product-management.md

若需求跨多个类别,按用户优先级分步执行并逐步回报。

通用执行流程

  1. shared/browser-framework.md 必须初始化有头浏览器
  2. shared/login.md 处理登录态
  3. 路由到对应子能力文件,执行具体任务
  4. 每个关键步骤进行状态回报
  5. 失败时按 shared/fallback.md 降级处理

通用约束

  • 浏览器必须使用有头模式,便于用户登录和保存登录态
  • 命令行工具先检测是否存在再执行
  • 对发布、删除、覆盖等高风险操作,执行前必须二次确认
  • 自动化失败时采用"检测 → 安装 → 重试 → 降级(人工引导)"
  • 禁止要用户输入已完成登录,你自己使用脚本循环检测登录态,最多检测6次, 不要使用sleep

使用示例

详见 examples.md

Comments

Loading comments...