ClawHub

云集返利助手

v0.1.0

云集会员制社交电商工具,提供自营+CPS双模式商品推荐、会员专属价查询和分销推广管理。

0· 44·0 current·0 all-time
by@fangshan101-coder
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description and claimed capabilities (member pricing lookup, self-operated+CPS listings, affiliate link/material generation, category recommendations) match the SKILL.md content; the skill does not request unrelated binaries, env vars, or config paths.
Instruction Scope
SKILL.md is high-level and contains trigger words, planned abilities and an output format but gives no concrete runtime instructions (no API endpoints, no scraping rules, no credential requirements). That makes the skill vague: it doesn't instruct the agent to perform any file or secret access, but an implementing agent may need external data (web/API) and would have to decide how to obtain it.
Install Mechanism
No install spec and no code files are present (instruction-only). Nothing will be written to disk by the skill packaging itself.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. There are no unexplained credential requests.
Persistence & Privilege
The skill does not request always:true and uses default invocation settings. Autonomous invocation is allowed by platform default — acceptable here — but if you enable autonomous runs be aware the agent may attempt network access to fulfill vague instructions.
Assessment
This skill is instruction-only and does not request credentials or install code, which is a low-risk footprint. However the runtime instructions are vague: if enabled, the agent (or a future implementation) may need to fetch product/pricing data from Yunji or other sources and could prompt you for login/API access or perform web requests. Before enabling broadly: (1) confirm how the agent will obtain product data (official API, scraping, or user-provided tokens), (2) do not paste personal credentials into free-text prompts, (3) prefer enabling the skill for manual/user-invoked use first rather than unrestricted autonomous runs, and (4) ask the skill author for a privacy/data-use statement or source of truth (API endpoints or scraping rules) if you need stronger assurances.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b12zgv1g14jnpwev24jx7pd83tjnp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments