ClawHub

Price Monitor FR

v1.0.0

Surveille les prix de produits sur Amazon.fr, Fnac, Cdiscount et Boulanger, et alerte en cas de baisse ou d'atteinte du prix cible.

1· 1.5k·0 current·0 all-time
by@hugosbl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/SKILL.md and the included Python script implement a price-monitoring tool (fetch product pages, extract prices, persist products/history/alerts under ~/.price-monitor). No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Runtime instructions tell the agent to run the included Python script which downloads HTML from user-supplied product URLs and writes JSON files under the user's home directory. This behavior is expected for a price monitor, but the script performs arbitrary HTTP GETs on provided URLs — which could reach internal services if misused. Also, the provided scripts output was truncated in the archive preview; the remainder should be checked for any unexpected network/exfiltration steps.
Install Mechanism
No install spec is present (instruction-only skill) and the code claims to use only the Python stdlib. No remote downloads or package installs are declared.
Credentials
The skill requests no environment variables, no credentials, and stores data locally under ~/.price-monitor. No disproportionate or unexplained secret access is requested.
Persistence & Privilege
The skill does not set always:true, but disable-model-invocation is not set (default behavior allows the model to invoke it). That means the model could autonomously trigger network fetches and write files locally — expected for this kind of tool but worth noting if you want to restrict autonomous network access.
Assessment
This appears to be a straightforward price-monitoring script: it fetches product pages (HTTP GET), parses prices, and stores products/history/alerts under ~/.price-monitor. Before installing, review the full scripts/monitor.py file (the provided preview was truncated) to confirm there are no outgoing webhooks, remote logging, or credential-leaking code. Consider running it in a restricted environment or sandbox if you are concerned about the tool fetching arbitrary URLs (which could include internal network addresses). If you don't want the model to call the skill autonomously, disable model invocation or require explicit user approval before running it.

Like a lobster shell, security has layers — review code before you run it.

latestvk979p6e04fyxapfz6xjf19pn1d80c42h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments