Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

比货 Shopping Assistant

v0.1.0

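比货 is a web-wide product comparison tool that compares similar products across multiple dimensions such as price, quality, reviews, and rebates, helping users make the best purchase decision.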

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description describe a shopping-comparison tool; no requested binaries, env vars, or installs conflict with that purpose.
Instruction Scope
SKILL.md is high-level and instructs the agent to search '各平台实时价格' and '汇总各平台用户评价' but does not specify which platforms, APIs, or methods to use, nor does it constrain scraping behavior, rate limits, or handling of authenticated data. This vagueness grants the agent broad discretion to perform network scraping or seek credentials at runtime.
Install Mechanism
No install spec and no code files — lowest-risk delivery model; nothing will be written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate for a read-only comparison assistant. However, real operation may require credentials for some platforms — the skill does not request or justify any.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request persistent or cross-skill configuration changes.
What to consider before installing
Before installing, consider asking the developer for details about how the skill obtains its data: which e-commerce platforms/APIs it queries, whether it scrapes HTML (and if so, whether it honors robots.txt and rate limits), whether any credentials or logins are required, and how collected data is stored or transmitted. Because the SKILL.md is intentionally vague, the agent could decide to perform broad web requests or prompt you to provide platform logins later — if you need to use this safely, request explicit limits on data sources, a privacy policy, and a description of any required credentials. If you cannot obtain those details, treat the skill as higher risk and prefer alternatives that use well-documented APIs or transparent integrations.
