Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

chip-trade-skills

v1.0.0

Connects local ERP inventory with IC Trade Navigator API for real-time IC pricing, risk scores, and trade advice without exposing your financial data.

by Jayictw @oppstie

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for oppstie/ic-trade-skills.

Install the skill "chip-trade-skills" (oppstie/ic-trade-skills) from ClawHub.
Skill page: https://clawhub.ai/oppstie/ic-trade-skills
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ic-trade-skills

ClawHub CLI

npx clawhub@latest install ic-trade-skills

Security Scan

Capability signals: Crypto; Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The code and SKILL.md implement exactly the advertised capability: read local inventory (part number + qty), call a remote /v1/quote endpoint, merge the results, and expose MCP tools. However the registry metadata at the top incorrectly lists no required environment variables or primary credential while both the SKILL.md and mcp_connector/config.py require QUOTE_ENGINE_URL and QUOTE_ENGINE_API_KEY — an inconsistency that should be resolved before trusting the skill.
Instruction Scope
Runtime instructions and code are narrowly scoped (read inventory, call quote API, merge locally). Concerns: (1) SKILL.md recommends embedding QUOTE_ENGINE_API_KEY in claude_desktop_config.json env — that places the API key in a file which may be read by other local users/processes or get checked into backups; (2) the privacy guarantee relies on column-name based blocking; if your spreadsheet uses nonstandard/obfuscated headers the heuristics could miss pricing columns (the code uses keyword matching and a whitelist approach, which is good but not infallible); (3) server.py is present (not fully shown) and will run a local MCP process — you should audit it to ensure it does not accept unexpected incoming connections or perform extra network calls beyond /v1/quote.
Install Mechanism
There is no formal install spec in the registry (lowest disk-write risk). SKILL.md asks users to pip install httpx and openpyxl — typical Python deps. No third-party downloads or archive extraction are present in the manifest. Still, because this runs a local Python process (server.py), you should audit that file before launching.
Credentials
The manifest at the top claims 'Required env vars: none', but both the documentation and code require QUOTE_ENGINE_URL and QUOTE_ENGINE_API_KEY (and optionally ERP_EXCEL_PATH / CONNECTOR_TIMEOUT). Requesting an API key and endpoint is proportionate to the stated purpose, but the metadata omission is misleading and increases risk (users might install without providing credentials, or accidentally store keys in config files). The MCP config example also suggests placing the API key in a JSON config — this is convenient but increases exposure.
Persistence & Privilege
always: false and disable-model-invocation: false (normal). The skill runs as a normal local MCP server process when invoked; it does not request permanent 'always' inclusion. Still, running a long-lived local server process means the API key will reside in process memory and possibly in startup configuration files — treat that as sensitive and run under a least-privilege account.
What to consider before installing
This connector appears to implement what it says (it reads part numbers locally and calls a remote quote API), but exercise caution before installing:

  • The registry metadata is inconsistent: the code requires QUOTE_ENGINE_URL and QUOTE_ENGINE_API_KEY even though the manifest lists none. Expect to provide those env vars.
  • Do not paste your real API key into shared JSON/config files that may be checked into backups (the example suggests adding the key into claude_desktop_config.json). Prefer setting environment variables at runtime or using a secrets store.
  • Audit mcp_connector/server.py before running it to confirm it only exposes local MCP endpoints and does not accept arbitrary inbound network requests or perform unexpected network activity.
  • Verify the QUOTE_ENGINE_URL domain (api.ic-navigator.com or any self-hosted URL) is trustworthy; the connector will send part_number and qty to that endpoint. If you need to avoid any network calls, do not run the connector.
  • Confirm your spreadsheet column headers are covered by the connector's price-detection heuristics (the code blocks common price keywords, but strange/obfuscated headers may bypass detection). Consider running the connector in a controlled environment first and inspect outbound requests (e.g., with a network proxy) to confirm only part numbers/qty/lang are sent.

If you cannot validate the endpoint or do not want to expose part numbers externally, do not install/run this skill. If you proceed, run it under a non-privileged account, avoid storing secrets in shared files, and review the server code and network traffic.

Like a lobster shell, security has layers — review code before you run it.

latest vk975ssedk94h22awzcmtddghm18464v2
78 downloads · 0 stars · 1 version · Updated 3w ago · v1.0.0 · MIT-0

IC Trade Navigator — MCP Connector

Taiwan-neutral IC component quoting connector for Claude Desktop and MCP-compatible clients.

The bridge between your local ERP inventory and real-time IC market intelligence.

Connect your local ERP inventory to real-time market intelligence — without sending your pricing data to any server.


What This Is

This connector is the client-side component of the IC Trade Navigator system. It:

  • Reads your local inventory.xlsx (part numbers + stock quantities only)
  • Calls the IC Trade Navigator API (GET /v1/quote) to fetch market pricing, risk scores, and trade advisory
  • Merges both sources into a unified view — locally, on your machine
  • Exposes three MCP tools to Claude Desktop for conversational IC trading workflows

Your floor prices, purchase costs, and ERP financial data never leave your machine.


🛡️ Why Use This?

  • Privacy First: Your cost and financial data never leave your local machine.
  • Market Intelligence: Real-time pricing and risk scoring (low/medium/high).
  • Taiwan-Neutral: Specialized filtering and advisory for the Taiwan electronics trade.


Architecture

Your Machine                          IC Trade Navigator Server
─────────────────────────────         ──────────────────────────
inventory.xlsx  ←─ read               (Black-box API)
    │                                  • Market scraping
    │  part_number + qty only          • Risk scoring
    └──────────────────────────────►   • Multilingual advisory
                                       • Taiwan-neutral filtering
    ◄──────────────────────────────
    quoted_price, risk_level,
    advisory (en/de/ja/zh-TW/fr/ko)
         │
    merged_view  ─► Claude Desktop

Quick Start

1. Install dependencies

pip install httpx openpyxl

2. Configure environment

cp .env.example .env
# Edit .env:
#   QUOTE_ENGINE_URL     = https://api.ic-navigator.com   (or your self-hosted URL)
#   QUOTE_ENGINE_API_KEY = JAY-IC-xxxxxxxxxxxxxxxxxxxx
#   ERP_EXCEL_PATH       = /path/to/your/inventory.xlsx

3. Single quote (CLI)

python -m mcp_connector.client quote STM32L412CBU6 --qty 500 --lang zh-TW

4. Batch quote from inventory

python -m mcp_connector.client batch data/inventory.xlsx

5. JSON output (for ERP integration)

python -m mcp_connector.client quote GD32F103C8T6 --qty 1000 --lang en --json

MCP Tools (Claude Desktop)

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "ic-trade-navigator": {
      "command": "python",
      "args": ["-m", "mcp_connector.server"],
      "env": {
        "QUOTE_ENGINE_URL": "https://api.ic-navigator.com",
        "QUOTE_ENGINE_API_KEY": "JAY-IC-your-key-here",
        "ERP_EXCEL_PATH": "/absolute/path/to/inventory.xlsx"
      }
    }
  }
}
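
The scan section above flags that this configuration keeps QUOTE_ENGINE_API_KEY in claude_desktop_config.json. The following check is an added example, not part of the connector or of ClawHub: it reports secret-looking env entries and loose file permissions in an MCP config. The function names, the SECRET_HINTS list and the constructed sample config are assumptions made for the illustration.

```python
import json
import os
import stat
import tempfile

# Assumption: env names containing these words hold credentials.
SECRET_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")

# Constructed sample that mirrors the config shown on this page.
SAMPLE_CONFIG = {"mcpServers": {"ic-trade-navigator": {
    "command": "python",
    "args": ["-m", "mcp_connector.server"],
    "env": {"QUOTE_ENGINE_URL": "https://api.ic-navigator.com",
            "QUOTE_ENGINE_API_KEY": "JAY-IC-your-key-here",
            "ERP_EXCEL_PATH": "/absolute/path/to/inventory.xlsx"}}}}


def audit_mcp_config(path):
    """Return findings about secrets and permissions in an MCP config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # POSIX only: any group/other bit means other local accounts may read it.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:03o} grants access to group/other")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for server, spec in servers.items():
        for name, value in spec.get("env", {}).items():
            if value and any(hint in name.upper() for hint in SECRET_HINTS):
                findings.append(f"{server}: {name} is stored in plaintext")
            if name.endswith("_URL") and not str(value).startswith("https://"):
                findings.append(f"{server}: {name} does not use https")
    return findings


def demo(mode=0o644):
    """Write the constructed sample with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_CONFIG, fh)
        os.chmod(path, mode)
        return audit_mcp_config(path)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Tightening the file to mode 600 clears the permission finding, but the plaintext-key finding remains until the key is supplied at runtime or from a secrets store, as the scan recommends.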

Available tools in Claude:

| Tool | Description |
|---|---|
| quote_part | Get market quote + risk score for one part number |
| read_erp_inventory | Look up your local stock for a part |
| get_combined_view | Full merged view: market + local ERP |

Inventory File Format

Your inventory.xlsx should have these columns (column names are configurable):

| Part Number | Stock Qty | Status | Package | Date Code |
|---|---|---|---|---|
| STM32L412CBU6 | 12000 | In Stock | UFQFPN32 | 2347 |
| GD32F103C8T6 | 8000 | In Stock | LQFP48 | 2344 |

A sample file is included at data/inventory.xlsx.

Pricing columns are automatically blocked — even if present in your file, the connector will never read or transmit them.


Response Fields

{
  "part_number": "STM32L412CBU6",
  "quoted_price": 2.8500,
  "quote_action": "auto_quote",
  "risk_level": "low",
  "risk_index": 0.12,
  "tw_neutral_confidence": 0.88,
  "advisory": "Part is in normal active supply...",
  "advisory_lang": "en",
  "local_stock_qty": 12000,
  "recommendation": "✅ Auto-quote ready. Local stock: 12,000 units."
}

Risk Levels

| Level | Score | Meaning |
|---|---|---|
| 🟢 low | < 0.30 | Standard procurement confidence |
| 🟡 medium | 0.30–0.65 | Request Certificate of Conformance |
| 🔴 high | ≥ 0.65 | Escalate to procurement quality team |

Advisory Languages

en · de · ja · zh-TW · fr · ko


Custom Column Mapping

If your Excel uses different column headers:

python -m mcp_connector.client batch inventory.xlsx \
  --col-pn "MPN" \
  --col-qty "Available" \
  --col-status "Lifecycle"

Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| QUOTE_ENGINE_URL | | | API server base URL |
| QUOTE_ENGINE_API_KEY | | | Your JAY-IC- API key |
| ERP_EXCEL_PATH | | data/inventory.xlsx | Path to local inventory file |
| CONNECTOR_TIMEOUT | | 15 | HTTP timeout in seconds |

Privacy Guarantee

This connector enforces a strict data boundary:

  • Sent to server: part_number, qty, lang — nothing else
  • Blocked fields: Any column header containing price, cost, floor, margin, sale, purchase, 底价, 售价, 进价, 含税
  • Client-side only: All ERP merging and display runs locally
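
The blocked-field rule above is keyword matching on column headers, which the scan section notes can miss nonstandard headers. The following pre-flight check is an added example, not the connector's own code: it sorts a sheet's headers into blocked, expected and unreviewed so that anything the keyword list does not catch is reviewed by a person before the connector runs. The function names, the EXPECTED_HEADERS set and the sample headers are assumptions; the keyword list is copied from this page.

```python
import unicodedata

# Blocked keywords exactly as listed in the Privacy Guarantee on this page.
BLOCKED_KEYWORDS = ("price", "cost", "floor", "margin", "sale", "purchase",
                    "底价", "售价", "进价", "含税")

# Assumption: the columns you intend the connector to read (the sample
# inventory columns from this page). Adjust to your --col-* mapping.
EXPECTED_HEADERS = {"part number", "stock qty", "status", "package",
                    "date code"}

# Constructed sample: headers as they might appear in a real export.
SAMPLE_HEADERS = ["Part Number", "Stock Qty", "Status", "Package",
                  "Date Code", "Unit Price", "Ｃｏｓｔ (USD)", "含税单价",
                  "成本", "EK netto"]


def normalize(header):
    """Fold full-width characters and case, and collapse whitespace."""
    text = unicodedata.normalize("NFKC", str(header))
    return " ".join(text.casefold().split())


def audit_headers(headers):
    """Classify headers; 'unreviewed' ones match neither list."""
    report = {"blocked": [], "expected": [], "unreviewed": []}
    for raw in headers:
        name = normalize(raw)
        if any(keyword in name for keyword in BLOCKED_KEYWORDS):
            report["blocked"].append(raw)
        elif name in EXPECTED_HEADERS:
            report["expected"].append(raw)
        else:
            # Not caught by the keyword list and not a known-safe column:
            # a person should decide before the connector touches the file.
            report["unreviewed"].append(raw)
    return report


if __name__ == "__main__":
    for bucket, names in audit_headers(SAMPLE_HEADERS).items():
        print(f"{bucket}: {names}")
```

In the constructed sample, "成本" and "EK netto" are cost columns that contain none of the listed keywords, so they land in the unreviewed bucket.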

License

MIT License — see LICENSE


Get an API Key

This connector requires access to the IC Trade Navigator API. Contact: jay.ictw@gmail.com
