Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Taobao Operations

v1.0.0

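Daily operations + customer service and after-sales + compliance and risk control, three in one - read-only API, no automatic modifications, compliant customer service, manual confirmation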


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for guowaa223/taobao-operations.

Install the skill "Taobao Operations" (guowaa223/taobao-operations) from ClawHub.
Skill page: https://clawhub.ai/guowaa223/taobao-operations
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install taobao-operations

ClawHub CLI


npx clawhub@latest install taobao-operations
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code and outputs (report generation, compliance checks, CS automation). Declared required binary (python3) and Python deps in metadata/requirements are reasonable for this workload. Minor oddities: the skill's metadata and README mention optional .env / Taobao API keys, but requires.env is empty in the registry metadata; OS restriction set to win32 is likely unnecessary but not catastrophic. The requirements include 'requests' but the visible code does not use network calls, which could be fine for future features but is an unexplained mismatch.
Instruction Scope
SKILL.md and README instruct running the packaged Python script to generate reports and start an auto-reply helper; they claim read-only API access and that the tool will not modify shop data. The instructions don't ask the agent to read unrelated system files. However the runtime loads environment variables (.env) and README asks users to edit .env for API keys — those runtime secrets are not declared in the registry manifest, creating a transparency gap.
Install Mechanism
No install script provided (instruction-only with packaged Python script). Dependencies are standard PyPI packages listed in requirements.txt. There are no external downloads or archive extraction steps. This is low risk from an install-mechanism perspective.
Credentials
The skill's code calls load_dotenv() and the README explicitly instructs populating .env with Taobao API keys, yet the registry metadata lists no required environment variables or primary credential. That mismatch makes it unclear what secrets the skill will read if present. While the skill claims 'read-only' API use, users should not provide high-privilege credentials until the exact env vars and scopes are documented. The number of implied credentials is small and plausible for the purpose, but the omission in metadata is a practical and security-relevant inconsistency.
Persistence & Privilege
always:false and default agent invocation settings are used. The skill only writes logs/reports to local workspace directories (logs/, reports/) which is expected. It does not request persistent platform-wide privileges or modify other skills/configs.
What to consider before installing
This skill appears to implement the advertised reporting and compliance helpers, but there are a few things to check before installing or giving it any credentials:

  1. The package loads .env (via python-dotenv) and README suggests putting Taobao API keys there, yet the registry metadata does not declare which env vars it will read — only provide an API key with strictly read-only/least-privilege scope, and prefer a throwaway/test account first.
  2. Inspect the full scripts/operations_main.py file locally (I saw the provided copy was truncated) to confirm there are no unexpected network calls, credential uploads, or filesystem reads at the end of the file.
  3. Install dependencies inside a dedicated virtualenv and run the tool in a sandbox or test account to validate behavior.
  4. If you need autonomous agent invocation, be cautious: although this skill does not set always:true, an agent granted autonomous use plus credentials could act without ongoing user confirmation — verify the skill truly requires manual confirmation for any write actions.
  5. If you plan to use it in production, ask the author to update the skill manifest to explicitly list any required env vars and the exact API scopes needed.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
OS: Windows
Bins: python3
latest vk9768znpebptc902svqy82fynd83x33f
94 downloads
0 stars
1 versions
Updated 4w ago
v1.0.0
MIT-0

Three-in-one Skill: daily operations + customer service and after-sales + compliance and risk control

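⚠️ Important security statement

This skill strictly follows these iron-clad security rules:

  1. Read-only API data - retrieves only the shop's own data and public industry data, through the official Taobao API
  2. No automatic modifications - only generates reports, recommendations and checklists; all modifications are carried out after manual confirmation
  3. Compliant customer-service replies - each reply opens by clearly stating that it comes from an automated customer-service agent; only 3 categories of low-risk after-sales requests are handled automatically
  4. Manual confirmation - every operation must be reviewed by a person and then executed manually
  5. Compliance with the 2026 rules - 100% compliant with Taobao's latest rules, zero violation risk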

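Feature overview

Three core modules

| Module | Functions | Outputs | Manual confirmation |
| --- | --- | --- | --- |
| Daily operations support | Data aggregation / compliance inspection / inventory sync | Daily report / inspection report / restocking reminder | ✅ Required |
| Customer service and after-sales automation | Smart replies / order notifications / after-sales handling | Customer-service log / after-sales records | ✅ Partial |
| Compliance and risk-control alerts | Risk grading / API monitoring / contingency plans | Alert notices / contingency plans | ✅ Required |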

Usage commands

# Daily operations report
python scripts/operations_main.py daily-report --日期 2026-03-26

# Store-wide compliance inspection
python scripts/operations_main.py compliance-check --全店

# Inventory sync
python scripts/operations_main.py inventory-sync --款号 KZ20260326

# Daily task list
python scripts/operations_main.py task-list --日期 2026-03-26

# Customer-service auto-reply
python scripts/operations_main.py cs-auto-reply --启动

# After-sales handling
python scripts/operations_main.py after-sales --订单 ID 12345 --自动处理

# Compliance and risk-control check
python scripts/operations_main.py risk-check --实时

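Outputs

  1. "Daily Shop Operations Report" - Excel format
  2. "Store-wide Compliance Inspection Report" - Excel format
  3. "Restocking Reminder Notice" - Excel format
  4. "Daily Key Operations Checklist" - Excel format
  5. Customer-service reply log - JSON format
  6. "After-sales Handling Record" - Excel format
  7. "Compliance and Risk-control Alert Notice" - Excel format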

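Security and compliance statement

This skill will not:

  • ❌ Call APIs beyond its scope
  • ❌ Scrape non-public data
  • ❌ Automatically modify product information
  • ❌ Automatically modify order information
  • ❌ Automatically modify shop configuration
  • ❌ Send customer-service replies without disclosing its identity
  • ❌ Automatically handle high-risk after-sales requests

This skill only supports:

  • ✅ Reading the shop's own data
  • ✅ Reading public industry data
  • ✅ Generating reports / recommendations / checklists
  • ✅ Compliant customer-service replies
  • ✅ Automatic handling of 3 categories of low-risk after-sales requests
  • ✅ Compliance and risk-control alerts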

🛡️ Daily operations + customer service and after-sales + compliance and risk control: compliance first, manual confirmation
