Ecommerce Review Analyzer
v1.0.7淘宝京东拼多多评论分析工具。自动抓取商品评论,分析好评差评,生成专业分析报告。支持多店铺多商品对比,差评详情分析,改进建议。电商运营必备工具。
⭐ 0· 174·0 current·0 all-time
by@tobewin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (scraping and analyzing Taobao/JD/Pinduoduo reviews) matches the actual instructions: it requires browser automation and Python, performs DOM scraping of review pages, and generates Word/PDF reports. No unrelated binaries or credentials are requested.
Instruction Scope
Runtime instructions explicitly use the OpenClaw built-in browser to open product pages, evaluate arbitrary page JS, screenshot QR codes, and extract usernames, dates, stores and full review text. That scope is expected for scraping, but the instructions do not strictly limit data collection to only review text—because it runs in your logged-in session the skill could access other page-level or account data if modified.
Install Mechanism
This is an instruction-only skill with no install spec (low disk/write risk). The metadata lists Python package dependencies (jieba, python-docx, fpdf2) which are reasonable for Chinese text processing and report generation; installing packages via pip is typical but would be done at runtime or by the agent, not by an automatic installer in the skill bundle.
Credentials
The skill requests no environment variables or external credentials (good). However it explicitly requires the OpenClaw browser session and inherits the user's logged-in state for Taobao/JD/PDD — this gives the skill access to cookies/session-scoped data in the browser, which is sensitive. The need for that access is consistent with the stated purpose, but it is a privacy consideration.
Persistence & Privilege
always:false (not force-included). disable-model-invocation is false (the agent may invoke the skill autonomously), which is the platform default. Combined with access to your logged-in browser sessions, autonomous invocation increases privacy risk if the agent runs the skill without your active supervision; the skill itself does not request elevated system privileges nor modify other skills.
Assessment
This skill appears to do what it says, but it operates by using your browser session and requires you to be logged into the ecommerce sites. Before installing or using it: 1) Only use it if you trust the skill source (no homepage/author info is supplied). 2) Consider logging into a dedicated account (or temporarily logging out of other sensitive accounts) so only review data is accessible. 3) Be aware it will capture full review text, usernames, dates and may screenshot login QR codes—do not share credentials. 4) If you allow autonomous runs, monitor when the agent invokes this skill (it could scrape data without you manually triggering it). 5) If you need stronger assurance, request the full source code or run the scraping in an isolated sandbox/browser profile first.Like a lobster shell, security has layers — review code before you run it.
latestvk976tydasnqa531wjp7ntxy9zn83wtav
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis
Binspython3