ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sinopec Oil Price

v1.0.0

中石化油价查询 Skill,用于查询实时油价信息。支持按省份查询汽油和柴油价格,显示价格变动信息。

1· 118·0 current·0 all-time
by@15878033657

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 15878033657/sinopec-oil-price.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sinopec Oil Price" (15878033657/sinopec-oil-price) from ClawHub.
Skill page: https://clawhub.ai/15878033657/sinopec-oil-price
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sinopec-oil-price

ClawHub CLI

Package manager switcher

npx clawhub@latest install sinopec-oil-price
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and docs. The implementation uses axios to call Sinopec's API (base URL: https://cx.sinopecsales.com/yjkqiantai) to fetch price data and exposes getOilPrice and monitorOilPrice as described. Declared dependencies (axios) are appropriate for the task.
Instruction Scope
SKILL.md and references describe querying and monitoring behavior; the code follows that. The runtime performs HTTP GET/POST to the Sinopec domain and reads/writes local history files (./history/<province>.json and ./oil-price-history.json). The SKILL.md doesn't enumerate the exact file locations, so note that the skill persists history in its own directory.
Install Mechanism
There is no install spec bundled (instruction-only in metadata) but code + package.json/package-lock are included. Installing/running will require Node and npm (or equivalent) to fetch axios from the npm registry mirror referenced in package-lock. This is normal but means runtime will install third-party packages if executed.
Credentials
The skill requests no environment variables or credentials and only accesses the Sinopec API and the local filesystem for history — this is proportional to a price-query/monitoring skill.
Persistence & Privilege
The skill creates and updates local files (history/*.json and oil-price-history.json) under the skill directory to persist previous prices and is intended for scheduled runs (cron). It does not request elevated system privileges or modify other skills. always:false (default) — it is not force-included.
Assessment
The skill appears to do what it says: it queries Sinopec's official API, computes price differences, and saves simple JSON history files in the skill directory. Consider the following before installing: 1) It will need network access to https://cx.sinopecsales.com and Node/npm to install dependencies (axios). 2) It writes persistent files (history/*.json and oil-price-history.json) in the skill folder — if you prefer no local persistence run it in a sandbox or remove/redirect the save/read functions. 3) The package-lock refers to a npm mirror (npmmirror.com) — if you require a particular registry, install with your preferred registry and verify package integrity. 4) The skill source/homepage is not provided; however all source files are included so you can audit them yourself. If you want tighter controls, run the skill in an isolated environment or review/modify the file-write and logging behavior before enabling scheduled runs.
!
index.js:294
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
latestvk9769rq18rs3agyw2y5v201d9583mbk9
118downloads
1stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@15878033657
latest
Download

Sinopec Oil Price Skill

查询中国石化实时油价信息。

Quick Start

This skill provides access to Sinopec's official oil price data.

Core tool: sinopec_oil_price_get

Use when:

  • User asks for today's oil prices
  • User wants prices for a specific province/city
  • User needs gasoline (92#, 95#, 98#) or diesel (0#) prices
  • User wants to see price changes

Usage

See detailed documentation in bundled references:

Notes

  • Prices in CNY per liter
  • Data from Sinopec official mobile API
  • Prices may vary at actual gas stations

Comments

Loading comments...