Xianyu Auto-Fulfillment (咸鱼自动发货)
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is a disclosed Xianyu auto-fulfillment tool, but it can run continuously with your logged-in browser session and automatically send messages or delivery keys without per-order approval.
Only install this if you are comfortable giving the automation access to a logged-in Xianyu browser session. Use a dedicated browser profile, test with manual approval first, add duplicate-order protection, and review any custom fulfillment scripts before letting it run continuously.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A page-detection mistake or UI change could cause the agent to send keys or messages from the user's real Xianyu account.
The script automatically executes fulfillment after detecting payment text in the browser, with no per-order user confirmation step.
if check_need_fulfillment; then
    # execute fulfillment
    execute_fulfillment
fi

Require explicit approval before each fulfillment, add order-ID based deduplication, and test in a non-production account before enabling automation.
The automation can act as the logged-in seller, including opening chats and sending fulfillment messages.
The skill uses the user's default Chrome profile, which can include active Xianyu login cookies and account session authority.
PROFILE="$HOME/Library/Application Support/Google/Chrome/Default"
agent-browser --headed --profile "$PROFILE" open "$CHAT_URL"
Use a dedicated browser profile/account with limited privileges, and clearly disclose this session access in setup metadata and user instructions.
The monitor may continue acting on the marketplace account until the user notices and stops it.
The documentation describes launching a subagent that keeps monitoring and operating after setup.
The AI assistant will automatically: 1. Create a subagent session 2. Load the monitoring script 3. Launch the browser 4. Start the monitoring loop
Make background operation opt-in, show clear stop controls, add runtime limits, and require periodic user reauthorization.
A repeated detection or false positive could consume multiple keys or send repeated messages to buyers.
The loop can repeatedly process chats and send keys or replies, but the artifacts do not show an order-state lock, idempotency check, or sent-order registry.
if analyze_chat; then
    # payment message: send the delivery key
    send_key
else
    # ordinary message: send a reply
    send_reply
fi

Track processed order IDs, prevent duplicate sends, and fail closed when payment state is ambiguous.
Users may underestimate account, platform-policy, or anti-automation risks when running the monitor.
The documentation advertises using a real browser to avoid being blocked, which may overstate safety and encourage risky platform automation.
🌐 **Real browser**: uses agent-browser to avoid being blocked
Replace anti-detection claims with clear warnings about marketplace terms, account risk, and safe testing practices.
Installing global packages can affect the local environment and should only be done from trusted sources.
The skill depends on installing a global, unpinned browser automation package; this is purpose-aligned but expands local execution trust.
npm install -g agent-browser
agent-browser install
Pin versions where possible, verify the package source, and install in an isolated environment or dedicated profile.
Any modified or untrusted fulfillment script will run with the user's local permissions.
The monitor sources a local fulfillment shell script so users can customize delivery logic; this is expected for the framework but executes shell code.
source "$FULFILLMENT_SCRIPT"
Inspect custom fulfillment scripts before running them and keep them under user-controlled paths.
Delivery keys and logs may remain on disk and could be exposed if the project directory is shared or backed up insecurely.
The key-pool template stores used delivery keys locally in a persistent file.
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $key" >> "$USED_KEYS_FILE"
Treat key files and logs as sensitive, restrict file permissions, and redact or rotate logs when appropriate.
