Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ecommerce Data Export

v1.0.0

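Export e-commerce data as Excel/PDF reports, with support for price history, sales analysis and competitor comparison. Suited to e-commerce sellers and market analysts.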


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 275254cl-hash/ecommerce-data-export.

Install the skill "Ecommerce Data Export" (275254cl-hash/ecommerce-data-export) from ClawHub.
Skill page: https://clawhub.ai/275254cl-hash/ecommerce-data-export
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ecommerce-data-export

ClawHub CLI

npx clawhub@latest install ecommerce-data-export

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill promises PDF generation, web scraping of product pages, and scheduled automatic sending, but declares only python3 (and a metadata note about installing pandas/openpyxl). PDF generation and web-scraping typically require additional libraries or external tools (e.g., requests/BeautifulSoup, PDF libraries, headless browser or wkhtmltopdf). The declared binaries/env vars do not justify the full feature set.
! Instruction Scope
SKILL.md is vague about how data is obtained and delivered. Examples show user-provided Taobao URLs, but there are no concrete fetch/scrape instructions, nor limits on what the agent may read or send. 'Scheduled generation / send reports automatically on a regular schedule' implies persistence and outbound transmission but gives no mechanism or explicit consent/checkpoints; this gives the agent broad, ill-defined discretion.
Install Mechanism
There is no formal install spec (instruction-only), but metadata suggests running 'pip3 install pandas openpyxl'. That is low-risk as-is, but is incomplete for the advertised capabilities (no scraping, networking, or PDF packages listed). No external downloads or anomalous install URLs are present.
! Credentials
The skill requests no environment variables or credentials, yet describes sending reports and periodic automation — actions that normally require SMTP/API credentials, webhook URLs, or storage access. The absence of declared credential requirements is inconsistent and could lead to ad-hoc requests for secrets at runtime.
Persistence & Privilege
The skill is not set to always:true (good), but it advertises scheduled automatic reports which imply creating persistent schedules (cron jobs, background tasks, or storing credentials). SKILL.md does not state how schedules are implemented or what persistence is required; this is ambiguous and should be clarified before granting autonomous use.
What to consider before installing
Before installing, ask the author to clarify and tighten the skill's runtime behavior:

  1. Provide an explicit list of required Python packages (e.g., requests, beautifulsoup4, pdf library, scheduler) and why each is needed.
  2. Explain precisely how product data is fetched (scraping vs API), whether authentication/cookies are needed, and confirm compliance with target sites' terms.
  3. Describe how scheduled reports are implemented (platform scheduler vs creating cronjobs) and what persistent storage or permissions are needed.
  4. Specify what credentials (SMTP, webhook, cloud storage) will be required and limit those to the minimum; avoid giving broad account keys.
  5. Require explicit user confirmation before the agent sends reports or contacts external endpoints, and consider disabling autonomous invocation for scheduling actions.

If the author updates the skill to explicitly list and justify dependencies and credential needs and adds safe approval points for sending data, this assessment could move toward benign; until then treat it as suspicious.

Runtime requirements

📊 Clawdis
Bins: python3
latestvk9752srv36hkztrfbtkq72wqnn83k00e
516 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

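E-commerce Data Export Skill

Export e-commerce data as professional reports (Excel/PDF).

Features

  1. Price history export: export a product's historical price data
  2. Sales analysis: generate sales trend charts
  3. Competitor comparison: multi-product comparison reports
  4. Custom templates: customize the report format
  5. Scheduled generation: send reports automatically on a regular schedule

Usage

Export data:

Export this product's price history to Excel https://item.taobao.com/item.htm?id=123

Generate a report:

Generate a price analysis report for the 10 products I monitor

Competitor comparison:

Compare the prices and sales of these 5 products and generate a PDF report

Scheduled report:

Generate last week's sales report every Monday at 9 a.m.

Sample output

The generated Excel report contains:

  • Basic product information
  • Price history data table
  • Price trend line chart
  • Statistical analysis (average, highest and lowest price)
  • Suggested selling price

Monetization model

  • Free: 3 exports per month
  • Paid (¥79/month): unlimited exports + custom templates
  • Paid (¥199/month): + scheduled reports + API access

Advantages

  • ✅ An essential need for business (B2B) customers
  • ✅ High average order value
  • ✅ Spreads easily (reports carry a watermark)
  • ✅ Can be extended into an enterprise edition

Disclaimer: data comes from public sources and is for reference only.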
