ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Naver Shopping Search

v1.0.1

Search for products on Naver Shopping. Use when the user wants to find product prices, links, or compare items in the Korean market.

0· 70·0 current·0 all-time
by@twbeatles·fork of @dryoo/naver-shopping (1.0.0)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for twbeatles/naver-shopping-twbeatles.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Naver Shopping Search" (twbeatles/naver-shopping-twbeatles) from ClawHub.
Skill page: https://clawhub.ai/twbeatles/naver-shopping-twbeatles
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install naver-shopping-twbeatles

ClawHub CLI

Package manager switcher

npx clawhub@latest install naver-shopping-twbeatles
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the script queries Naver Shopping openapi and returns JSON results. The only network connection is to https://openapi.naver.com/v1/search/shop.json, which is appropriate for the stated purpose.
Instruction Scope
SKILL.md instructs running the provided Python script with a search term and documents credential locations. The script implements exactly those instructions and does not perform unrelated file reads or network calls.
Install Mechanism
No install spec; the skill is instruction + a small Python script using only the standard library. Nothing is downloaded or written by an installer.
!
Credentials
The registry metadata declares no required env vars, but the SKILL.md and the script expect Naver API credentials (several possible environment variable names) and will also load .env files from the skill directory and ~/.openclaw/credentials/naver-shopping.env. Requesting API credentials for Naver Shopping is proportional to the task, but the omission from metadata is an inconsistency that should be corrected and disclosed to users.
Persistence & Privilege
Skill does not request always:true, does not modify system or other skills, and only reads local .env files if present. It does not store new credentials or change agent configuration.
What to consider before installing
This skill appears to be a straightforward Naver Shopping API client and only communicates with Naver's openapi endpoint. Before installing: (1) be aware it requires your Naver API Client ID and Secret (the metadata did not list these — supply via environment variables or a .env file); (2) prefer setting credentials in secure environment variables rather than plaintext files in your home directory; (3) verify the skill's publisher/source since the package metadata/homepage is missing; and (4) if you are uncomfortable storing credentials locally, create an API key with limited scope or use a throwaway/testing account. The main issue is an information disclosure/inconsistency in the registry metadata rather than malicious code.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qk5aqnyk1qc2gq721njzd584zrg9
70downloads
0stars
1versions
Updated 1w ago
v1.0.1
MIT-0
@twbeatles
latest
Download

Naver Shopping Search

네이버 쇼핑 Search API로 한국 상품 검색을 수행한다.

Usage

검색어를 넣어 스크립트를 실행한다.

python skills/naver-shopping/scripts/search_shopping.py "상품명"

Options

  • --display <number>: Number of results to show (default: 5, max: 100)
  • --sort <sim|date|asc|dsc>: Sort order (sim: similarity, date: date, asc: price ascending, dsc: price descending)

Example

python skills/naver-shopping/scripts/search_shopping.py "아이폰 16" --display 3 --sort asc

Environment Variables

다음 중 하나의 이름으로 자격증명을 읽는다.

  • NAVER_Client_ID / NAVER_Client_Secret
  • NAVER_CLIENT_ID / NAVER_CLIENT_SECRET
  • NAVER_SHOPPING_CLIENT_ID / NAVER_SHOPPING_CLIENT_SECRET

우선 순위:

  1. 현재 환경 변수
  2. skills/naver-shopping/.env
  3. ~/.openclaw/credentials/naver-shopping.env

Comments

Loading comments...