Crossborder Ecom Hub

v1.0.1

专业跨境电商多平台管理工具，支持TikTok、Amazon、Shopee、Lazada商品、订单、库存同步及智能定价。

⭐ 0· 188·0 current·0 all-time

by@lvjunjie-byte·duplicate of @lvjunjie-byte/crossborder-ecom-hub

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lvjunjie-byte/crossborder-ecom-hub-lvjunjie.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Crossborder Ecom Hub" (lvjunjie-byte/crossborder-ecom-hub-lvjunjie) from ClawHub.
Skill page: https://clawhub.ai/lvjunjie-byte/crossborder-ecom-hub-lvjunjie
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crossborder-ecom-hub-lvjunjie

ClawHub CLI

Package manager switcher

npx clawhub@latest install crossborder-ecom-hub-lvjunjie

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

Registry top-level metadata (requirements: no env vars, primary credential: none, 'instruction-only') contradicts the bundled files (package.json, bin/cli.js, many src/*.js) and the SKILL.md which instructs storing numerous API keys for TikTok, Amazon, Shopee, Lazada and Feishu. A real multi‑platform e‑commerce tool reasonably needs those credentials, but the registry listing incorrectly says none are required — this mismatch is incoherent and increases risk.

Instruction Scope

SKILL.md instructs creating a config at ~/.crossborder-ecom/config.json and storing many API keys (including Amazon secretKey and Feishu bitableToken). The runtime instructions and CLI code will read/write that file and use those credentials to call external platform APIs (expected). However the SKILL.md and commands reference environment variables that are not declared in the top-level registry metadata. The instructions do not explicitly tell the agent to read unrelated system files, but they do instruct persistent storage of sensitive credentials in the user's home directory — this should be considered when granting access.

Install Mechanism

The registry states 'No install spec — instruction-only', but the skill bundle includes a full Node.js package (package.json), a CLI binary (bin/cli.js), and many src files. That means this is not simply an instruction-only skill: it contains executable code which will run if installed. There is no remote download of arbitrary code in the install spec (the code is bundled), but the mismatch between 'instruction-only' and actual code presence is an inconsistency that reduces transparency.

Credentials

The SKILL.md and config.example request many secrets: TikTok apiKey/apiSecret, Amazon accessKey/secretKey, Shopee partnerId/apiKey, Lazada apiKey/apiSecret, and Feishu appId/appSecret/bitableToken (also possible webhooks). Those are appropriate for the stated multi‑platform purpose, but the top-level metadata claims no required env vars. Requiring multiple unrelated credentials (payment/marketplace + internal collaboration token) increases blast radius if the skill is malicious or buggy. Users should only provide the minimum necessary credentials and verify code handling them.

ℹ

Persistence & Privilege

The tool will create and use ~/.crossborder-ecom/config.json to persist credentials and settings (bin/cli.js does this). always:false (no forced installation) and system autonomy flags are default. Persisting secrets locally is expected for a CLI of this kind, but storing multiple secrets in a file increases risk if the bundle is untrusted. The skill does not request elevated system-wide privileges in metadata, but it will write to the user's home directory.

What to consider before installing

This package is internally inconsistent: the registry claims no env vars and 'instruction-only', yet the bundle includes runnable Node.js code and the SKILL.md instructs you to store many API secrets in ~/.crossborder-ecom/config.json. Before installing or providing credentials: 1) Verify the upstream source (the registry shows 'Source: unknown' while README and clawhub.json reference a GitHub repo) — confirm the repo and tags on GitHub and that the maintainer is trusted. 2) Inspect the missing src files (especially src/feishu.js and src/platforms/*) for any hard-coded or unexpected remote endpoints, telemetry, or credential exfiltration. 3) Prefer using least-privilege credentials (scoped API keys, read-only tokens) and avoid providing root/owner-level secrets. 4) Run the tool in an isolated environment (container or disposable VM) and monitor outbound network requests on first run. 5) If you need to use it in production, request clarification from the author and a signed/reproducible release; do not install or store live marketplace secrets until you confirm the code behavior.

✗

src/feishu.js:10

Environment variable access combined with network send.

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk970wqtcp88ddfbdfhnj51vxax838jyq

188downloads

0stars

1versions

Updated 11h ago

v1.0.1

MIT-0

crossborder-ecom-hub - 跨境电商多平台管理技能

🌏 技能描述

CrossBorder Ecom Hub 是一个专业的跨境电商多平台管理技能，帮助卖家统一管理 TikTok、Amazon、Shopee、Lazada 等多个电商平台的商品、订单、库存和定价。

核心功能

多平台商品同步 - 一键将商品从一个平台同步到其他所有平台
统一订单管理 - 聚合所有平台订单，提供统一视图和分析
智能定价系统 - 根据各平台竞争情况自动调整价格
实时库存同步 - 确保多平台库存一致性，防止超卖
数据分析报表 - 销售、利润、库存等多维度分析
飞书多维表格集成 - 自动同步数据到飞书 Bitable

支持平台

🎵 TikTok Shop
📦 Amazon Seller Central
🛍️ Shopee
🏪 Lazada

📦 安装

# 使用 skillhub 安装（推荐）
skillhub install crossborder-ecom-hub

# 或使用 clawhub 安装
clawhub install crossborder-ecom-hub

⚡ 快速开始

1. 初始化配置

crossborder-ecom init

这会创建配置文件 ~/.crossborder-ecom/config.json

2. 配置 API 密钥

编辑配置文件，添加各平台 API 密钥：

{
  "platforms": {
    "tiktok": {
      "apiKey": "your_tiktok_api_key",
      "apiSecret": "your_tiktok_api_secret"
    },
    "amazon": {
      "accessKey": "your_amazon_access_key",
      "secretKey": "your_amazon_secret_key",
      "region": "us-east-1"
    },
    "shopee": {
      "partnerId": "your_shopee_partner_id",
      "apiKey": "your_shopee_api_key"
    },
    "lazada": {
      "apiKey": "your_lazada_api_key",
      "apiSecret": "your_lazada_api_secret"
    }
  },
  "feishu": {
    "appId": "your_feishu_app_id",
    "appSecret": "your_feishu_app_secret",
    "bitableToken": "your_bitable_token"
  }
}

3. 检查平台连接

crossborder-ecom platform --status

4. 开始同步商品

crossborder-ecom sync --all --feishu

📖 使用文档

商品同步

# 同步所有商品
crossborder-ecom sync --all

# 从 TikTok 同步到 Amazon
crossborder-ecom sync --from tiktok --to amazon

# 同步指定商品
crossborder-ecom sync --product-ids prod_1,prod_2,prod_3

# 同步并更新飞书多维表格
crossborder-ecom sync --all --feishu

订单管理

# 列出所有订单
crossborder-ecom order --list

# 按平台过滤
crossborder-ecom order --list --platform tiktok

# 按状态过滤
crossborder-ecom order --list --status pending

# 按日期范围
crossborder-ecom order --list --date-from 2024-01-01 --date-to 2024-01-31

# 导出订单
crossborder-ecom order --list --export

智能定价

# 分析竞争价格
crossborder-ecom pricing --analyze

# 生成定价建议
crossborder-ecom pricing --suggest

# 应用定价策略
crossborder-ecom pricing --apply --strategy competitive

# 指定利润率
crossborder-ecom pricing --apply --margin 35 --strategy aggressive

定价策略说明：

competitive - 竞争性定价（跟随市场均价）
aggressive - 激进定价（低价抢占市场）
conservative - 保守定价（保证高利润）

库存管理

# 同步多平台库存
crossborder-ecom inventory --sync

# 检查库存状态
crossborder-ecom inventory --check

# 设置低库存预警
crossborder-ecom inventory --check --alert 5

# 更新库存
crossborder-ecom inventory --update

数据报表

# 销售报表
crossborder-ecom report --sales

# 库存报表
crossborder-ecom report --inventory

# 利润分析
crossborder-ecom report --profit

# 平台对比
crossborder-ecom report --platform

# 指定周期
crossborder-ecom report --sales --period monthly

# 导出报表
crossborder-ecom report --sales --export ./reports/

平台管理

# 列出已配置平台
crossborder-ecom platform --list

# 添加平台
crossborder-ecom platform --add tiktok

# 移除平台
crossborder-ecom platform --remove shopee

# 检查平台状态
crossborder-ecom platform --status

🔧 配置说明

环境变量

也可以通过环境变量配置：

# 平台 API 密钥
export TIKTOK_API_KEY=your_key
export AMAZON_ACCESS_KEY=your_key
export SHOPEE_API_KEY=your_key
export LAZADA_API_KEY=your_key

# 飞书配置
export FEISHU_APP_ID=your_app_id
export FEISHU_APP_SECRET=your_app_secret
export FEISHU_BITABLE_TOKEN=your_token

飞书多维表格配置

在飞书开放平台创建应用：https://open.feishu.cn/
获取 App ID 和 App Secret
创建多维表格，获取 Bitable Token
在配置文件中填写相关信息

飞书多维表格会自动创建以下数据表：

商品管理
订单管理
库存管理
定价建议
数据报表

💰 定价策略

Starter - $299/月

2 个平台集成
100 个商品同步
基础订单管理
飞书多维表格同步

Professional - $599/月 ⭐ 推荐

4 个平台集成
1000 个商品同步
智能定价系统
实时库存同步
数据分析报表

Enterprise - $999/月

无限平台集成
无限商品同步
AI 智能定价
优先技术支持
自定义 API 集成

📊 收益模型

目标：$30,000/月（100 用户）

假设用户分布：

30 个 Starter 用户：30 × $299 = $8,970/月
50 个 Professional 用户：50 × $599 = $29,950/月
20 个 Enterprise 用户：20 × $999 = $19,980/月

总计：$58,900/月

🛠️ 技术栈

Node.js 18+
TypeScript（可选）
各平台官方 API
飞书开放平台 API
Commander.js（CLI）
Axios（HTTP 请求）
Day.js（日期处理）
Chalk（终端美化）
Ora（加载动画）

📝 待开发功能

以下功能已预留接口，可根据需求扩展：

🤝 贡献

欢迎提交 Issue 和 Pull Request！

GitHub: https://github.com/openclaw/crossborder-ecom-hub

📄 许可证

Commercial License

📞 支持

文档：https://clawhub.com/skills/crossborder-ecom-hub/docs
问题反馈：https://github.com/openclaw/crossborder-ecom-hub/issues
邮件：support@openclaw.com

🚀 开始您的跨境电商统一管理之旅！

Comments

Loading comments...