ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Noon 商品搜索工具

v1.0.0

Noon 商品搜索工具。输入阿拉伯语关键词,使用 Chrome 浏览器在 noon.com/saudi-ar 搜索,返回第一页所有商品的标题、评分、评价数和价格。

0· 110·0 current·0 all-time
by@freemanwangfuhan-coder

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for freemanwangfuhan-coder/noon-product-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Noon 商品搜索工具" (freemanwangfuhan-coder/noon-product-search) from ClawHub.
Skill page: https://clawhub.ai/freemanwangfuhan-coder/noon-product-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install noon-product-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install noon-product-search
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code files implement a Noon product search (three alternative scrapers: puppeteer-based index.js and simple-search.js, and a chrome-remote-interface CDP script). That matches the stated purpose of returning titles/ratings/reviews/prices. However the SKILL.md only mentions chrome-remote-interface and requiring Chrome debugging port 9222, while the primary runtime (index.js) uses puppeteer-extra and stealth plugin; those packages are not listed in SKILL.md. Having three different scraper implementations is plausible but unexplained.
Instruction Scope
SKILL.md instructs running index.js and also tells the user to start Chrome with --remote-debugging-port=9222 (relevant to cdp-search.js). The actual index.js launches Chromium via puppeteer and does not need an externally-launched Chrome debugging port. The scripts only interact with noon.com pages (no external endpoints, no credential or file access beyond argv), but they include stealth/anti-detection code (puppeteer-extra-plugin-stealth) which is evasion-oriented — expected for scraping but worth noting.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically written to disk by an installer. SKILL.md claims 'first run will auto install dependencies' but no install script or package manifest is provided in the bundle; the code requires npm packages (puppeteer-extra, puppeteer-extra-plugin-stealth, chrome-remote-interface) that will fail if not installed. This mismatch is an inconsistency to clarify.
Credentials
The skill requests no environment variables, no credentials, and touches no config paths beyond using process.argv. That is proportionate to a simple web scraper.
Persistence & Privilege
always:false and no special persistence or modifications to other skill configs. The skill does not request elevated agent privileges.
What to consider before installing
What to consider before installing/running: 1) The code is a straightforward web scraper for noon.com and does not request secrets, but SKILL.md and the code disagree about how to run it — SKILL.md emphasizes chrome-remote-interface/remote-debugging while the main script launches Chromium with puppeteer. Ask the author to clarify required dependencies or inspect package.json (none included) and run npm install for puppeteer-extra and chrome-remote-interface in an isolated environment first. 2) The scripts use puppeteer-extra-plugin-stealth (anti-detection) — expected for scraping but may violate site terms and raise blocking/legal concerns if used aggressively. 3) There is no automatic install: running without installing npm packages will fail; don’t run as root on a host you care about — test in a sandbox/VM. 4) If you need to proceed, verify the dependencies locally, audit the files for network calls (none to external APIs are present) and run with rate limiting to avoid abusive scraping. If you want higher assurance, request the author to include a package.json and an explicit install script and to align SKILL.md with the actual runtime behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ft7gze4fshmkk4w4khsxk9d83wtgk
110downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@freemanwangfuhan-coder
latest
Download

Noon 商品搜索工具

功能

使用 Chrome 浏览器自动化,在 noon.com/saudi-ar 搜索阿拉伯语关键词,返回第一页所有商品的:

  • 商品标题
  • 评分
  • 评价数
  • 价格

使用方法

命令行

node ~/.openclaw/workspace/skills/noon-product-search/index.js "阿语关键词"

示例

node ~/.openclaw/workspace/skills/noon-product-search/index.js "عربة تسوق"

输出示例

============================================================
🔍 搜索: "عربة تسوق"
============================================================

📦 商品 1
   标题: عربة تسوق صغيرة محمولة...
   评分: 4.5
   评价数: (2,340)
   价格: 159 ر.س

📦 商品 2
   标题: ...

依赖

  • Chrome 浏览器(带调试端口 9222)
  • chrome-remote-interface

启动 Chrome 调试模式

open -a "Google Chrome" --args --remote-debugging-port=9222 --new-window "about:blank"

注意事项

  • 确保 Chrome 调试端口 9222 已开启
  • 首次运行会自动安装依赖
  • 如果搜索结果为空,尝试增加等待时间

Comments

Loading comments...