ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ShopGeni

v1.0.0

AI-powered shopping assistant. Search for products by text or image, and find the best prices across Amazon, Google Shopping, and brand stores.

1· 109·0 current·0 all-time
byJun Liu@archroad

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for archroad/online-price-comparison.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ShopGeni" (archroad/online-price-comparison) from ClawHub.
Skill page: https://clawhub.ai/archroad/online-price-comparison
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install online-price-comparison

ClawHub CLI

Package manager switcher

npx clawhub@latest install online-price-comparison
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The script implements the advertised features (text and image search, price comparison) by POSTing queries and images to a remote unified-shopping SSE endpoint. That capability aligns with the skill description. However the default API host (https://nestor-api.beyondstyle.us) is not documented in SKILL.md as an explicit trust boundary and the skill creates a persistent client identifier under ~/.config/nestor/skill_id, which is additional footprint beyond a pure query helper.
Instruction Scope
SKILL.md instructs invoking the included Python script with local image paths or image URLs and discusses the 'backend' doing searches; that matches the script. The instructions do not call for reading unrelated local files, but the script will read any path passed via --image and upload its bytes to the remote API, so users (or an agent acting on their behalf) could accidentally transmit sensitive files if given improper input.
Install Mechanism
This is an instruction-only skill with a small helper script and no install spec. Nothing is downloaded at install time and no archive extraction occurs.
!
Credentials
No environment credentials are requested, which is proportional. However the script generates and stores a persistent per-installation identifier (~/.config/nestor/skill_id) and sends it in the X-Nst-Sig header with every request; this is a fingerprint that is not documented in SKILL.md. The default API URL is a third-party domain; sending user queries, images, and a persistent ID to that host is a privacy/credentiality concern if you don't trust the operator.
Persistence & Privilege
always:false and no special system privileges are requested. The script does write one small config file in the user's home directory (~/.config/nestor/skill_id) to persist a client id (used for rate-limiting/fingerprinting). This is limited persistence scoped to the user's account, but it is persistent and present on disk.
What to consider before installing
This skill will upload your search text and any local image file you pass to a remote API (default: nestor-api.beyondstyle.us) and it will create a small persistent ID file at ~/.config/nestor/skill_id that is sent with requests. Only install/use it if you trust that remote service and its privacy practices. Before installing: (1) verify the service operator and domain (beyondstyle.us) and their privacy policy; (2) avoid passing sensitive local files as --image; (3) consider overriding --api-url to a trusted endpoint or running the skill in a network-isolated environment; (4) if you need full assurance, open and review scripts/shopgeni.py yourself and remove or sandbox the skill if you are uncomfortable with outbound uploads or the persistent ID file.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛍️ Clawdis
OSmacOS · Linux
Binspython3
latestvk974hk15x8n4q9emfdgvqracg184hnak
109downloads
1stars
1versions
Updated 2w ago
v1.0.0
MIT-0
macOS, Linux
Jun Liu@archroad
latest
Download

ShopGeni — AI Shopping Assistant

ShopGeni exposes two AI-powered shopping capabilities:

  1. Item Recommendation — natural-language and visual product search
  2. Price Comparison — find the best price for a product across Amazon, Google Shopping, and brand stores

1. Item Recommendation

Search for products using natural language or a product image.

Triggers: "find me a dress", "show sneakers under $100", "recommend a blue denim jacket", "what shoes match this outfit?"

Text search:

python3 $SKILL_PATH/scripts/shopgeni.py \
  --query "blue running shoes under $120"

Visual search (image file):

python3 $SKILL_PATH/scripts/shopgeni.py \
  --image "/path/to/photo.jpg" \
  --query "find similar products"

2. Price Comparison

Find the best price for a specific product across multiple stores.

Triggers: "find best price for X", "compare prices for X", "where can I buy X cheapest"

Text query:

python3 $SKILL_PATH/scripts/shopgeni.py \
  --query "find best price for Nike Air Force 1 white"

From a product URL: Extract the product name and brand from the URL yourself, then pass as --query. Do not pass URLs to the script — the backend searches by keyword.

Query construction: Build the richest possible query from available product attributes — include brand, product name, and any of: style number, color, gender, category. More specific queries yield better results. Examples:

  • "find best price for Reebok Women's Zignition Running Shoes Black/White"
  • "find best price for Nike Air Force 1 Low Men's Sneaker White style 100074219"
  • "find best price for Adidas Response Super Women's Running Shoes"

With image URL (recommended for better accuracy): Pass --image-url with the product image URL. The backend uses it for visual similarity ranking. If the user searched for products first, use the image field from that recommendation:

python3 $SKILL_PATH/scripts/shopgeni.py \
  --query "find best price for Reebok Women's Zignition Running Shoes Black/White" \
  --image-url "https://example.com/product-image.jpg"

From a local image file:

python3 $SKILL_PATH/scripts/shopgeni.py \
  --image "/path/to/product.jpg" \
  --query "find best prices for this product"

Follow-up Queries

Pass --thread-id to continue a conversation:

python3 $SKILL_PATH/scripts/shopgeni.py \
  --query "show me similar ones in red" \
  --thread-id "previous-thread-uuid"

Response JSON

{
  "intent": "item | price_comparison",
  "content": "assistant response text",
  "thread_id": "uuid",
  "recommendations": [
    {
      "id": "...",
      "name": "Product Name",
      "brand": "Brand",
      "merchant": "Store Name",
      "price": "$99.99",
      "image": "https://...",
      "category": "shoes",
      "product_url": "https://www.beyondstyle.us/prod?id=..."
    }
  ],
  "price_comparison": {
    "candidates": [
      {
        "name": "Product Name",
        "price": "$89.99",
        "source": "Amazon",
        "buy_url": "https://..."
      }
    ]
  }
}

Display Guidelines

  • Item recommendations: Show as a markdown table or bullet list with name, brand, price, and link
  • Price comparison: Show as a ranked table: Rank | Store | Price | Link
  • Always show the content field as the assistant's main response
  • Save thread_id from the response if the user may want to follow up

Comments

Loading comments...