Fake International Brand Detector

v2.1.0

通过七项国际化维度综合验证品牌真实性，判断是否为真国际品牌、存疑或假国际品牌。

⭐ 0· 124·1 current·1 all-time

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tompchen/fake-international-brand-detector.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Fake International Brand Detector" (tompchen/fake-international-brand-detector) from ClawHub.
Skill page: https://clawhub.ai/tompchen/fake-international-brand-detector
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install fake-international-brand-detector

ClawHub CLI

Package manager switcher

npx clawhub@latest install fake-international-brand-detector

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (detect fake international brands) matches what the scripts do: WHOIS, media search, Amazon/shop checks and trademark timeline. However the skill expects/use third‑party search APIs (Tavily, Google CSE) and access to WHOIS/Amazon pages; those are reasonable for the stated purpose but the registry metadata declares no required environment variables or dependencies while the code clearly uses API keys and Python packages (whois, requests, BeautifulSoup). This mismatch (no declared envs/deps but code needs them) is unexpected.

Instruction Scope

SKILL.md and scripts instruct the agent to perform broad network activity: POSTs to Tavily, scraping Google News/Reddit/Amazon, WHOIS lookups and calling external binaries (curl, a 'google' search binary). The SKILL.md text also claims the skill is "默认自动运行" on keyword triggers, which conflicts with the registry flag (always:false). The scripts reference a specific workspace path (/home/admin/.openclaw/...) and use subprocess calls; these are within the tool's purpose but widen the operational scope and warrant caution.

ℹ

Install Mechanism

There is no install spec (instruction-only), but the bundle contains multiple Python scripts that depend on external packages (requests, bs4, whois) and platform helpers (openclaw.web.fetch). No dependency or installation instructions are declared in registry metadata. This is not necessarily malicious but increases friction and risk (scripts may fail or behave unpredictably if required libs are missing).

Credentials

Registry metadata lists no required env vars, yet the SKILL.md and scripts read environment variables (TAVILY_API_KEY, GOOGLE_CSE_API_KEY/CSE_ID, and optional API keys). Scripts also mention 'Amazon Seller API (需登录)'. Asking for API keys for the search/WHOIS services is reasonable for functionality, but the lack of declared required env vars in metadata is an incoherence and a risk: an agent could attempt to use any env variables present in the host. Do not provide high‑privilege or broadly scoped keys unless you audit the code.

ℹ

Persistence & Privilege

The skill does not set always:true and does not request system config paths in the registry. However SKILL.md claims the skill is "默认自动运行" (auto‑trigger on keywords). Autonomous invocation is platform default; combined with the other concerns (undeclared env usage and subprocess/network calls) this increases blast radius if the agent invokes the skill frequently. No code modifies other skills or system configuration in the provided files.

What to consider before installing

This skill appears to implement what it claims (WHOIS, media and Amazon scraping, trademark checks), but there are several mismatches you should address before installing or providing secrets: - The code expects API keys (TAVILY_API_KEY, Google CSE keys) and Python packages (requests, beautifulsoup4, python-whois) but the registry declares none — treat any API key you provide as sensitive and give it minimal scope and quota. Consider creating limited or payment‑limited API keys. - SKILL.md states the skill auto‑runs on keyword triggers while registry flags do not set always:true; confirm how and when your agent will actually invoke the skill so it won’t run unexpectedly. - The scripts perform many external network requests and use subprocess calls (curl, a 'google' binary). Run the code in a sandbox or test environment first to verify behaviour and to ensure it doesn’t leak data to unexpected endpoints. - Review the code paths that build or run subprocess commands and any place user input (brand names) is used in shell contexts. Although the code mostly uses subprocess with argument lists, verify there is no unsafe shell usage in omitted/truncated parts. - If you plan to use this skill with real API keys or in a production agent, request the publisher add explicit metadata: required env vars, dependency list (requirements.txt), and clarify the auto‑invoke behavior. If you want, I can: (1) list the exact lines where env vars and subprocess calls are used, (2) produce a minimal requirements.txt and a safer invocation wrapper that validates inputs, or (3) suggest configuration limits for any API keys you provide.

Like a lobster shell, security has layers — review code before you run it.

latestvk976px4tpaqr6vrs2f5ckx1ppx84zww4

124downloads

0stars

2versions

Updated 1w ago

v2.1.0

MIT-0

✅ Fake International Brand Detector - Enhanced v2.0 [已激活]

📢 技能状态

🟢 激活状态: ✅ 已启用（默认自动运行）
🎯 触发条件: 检测到用户询问"假国际品牌"、"品牌真实性"、"保健品品牌"等关键词时自动调用
⚙️ 默认参数: --brand {品牌名} --mode quick
📁 文件路径: /home/admin/.openclaw/workspace/skills/fake-international-brand-detector/

一个用于检测"假国际品牌"的智能 Agent 技能（增强版）。

📋 功能说明

通过七项维度验证品牌的国际化真实性（基于 NYO3 验证经验优化）：

原有四项（核心维度）

海外官网 - 检查是否存在成熟的多语言海外官方网站
海外销售渠道 - 验证线下/线上海外零售渠道
跨境电商记录 - 在亚马逊等平台的全球销售历史
海外媒体曝光 - 国际媒体报道和广告记录

新增三项（识别假国际特征）

WHOIS 注册地核查 - 检查域名 registrant_country 是否为品牌宣称的本土国家
商标注册时间线分析 - 对比中国市场/海外市场的商标注册时间先后
销售渠道运营者国籍 - 检查 Amazon.de/.co.uk店铺运营者所在国家（非店铺名称）

🎯 判定规则（更新版）

有效高质量项数量	品牌类型
≥5 项高质量内容	✅ 真国际品牌
3-4 项/混合质量	⚠️ 存疑品牌
≤2 项或假国际特征明显	❌ 假国际品牌

"有质量的内容"标准（优化版）：

验证项	真国际品牌标准	假国际品牌特征
官网 WHOIS	registrant_country=本土国家 + 多语言 + 正规备案	CN/中国邮箱 (@qq.com) + 机器翻译内容
销售渠道	至少 2 家欧洲本土连锁药房直营/授权	仅 Amazon.de/.co.uk店铺，无Boots/Holland&Barrett等
销售记录	≥4 个国际站点持续销售≥6 个月	0-1 个站点或仅 Amazon.cn + 新注册店铺
媒体报道	Reuters/Forbes/WebMD/BBC报道≥5 篇	无权威媒体，仅有博客/软文/中文内容
WHOIS 核查	registrant_country=本土国家	CN/中国邮箱/地址（即使域名是.com）
商标时间线	海外注册时间早于或与中国同期	中国市场先注册，海外后申请
运营者国籍	欧洲店铺由欧洲公司运营	Amazon.de/.co.uk店铺由中国卖家运营

🔧 使用方法

命令行调用

# 快速检查（约 30 秒）
python /home/admin/.openclaw/workspace/skills/fake-international-brand-detector/scripts/detect_brand.py --brand "品牌名称" --mode quick

# 深度检查（约 5-10 分钟，更准确）
python /home/admin/.openclaw/workspace/skills/fake-international-brand-detector/scripts/detect_brand.py --brand "品牌名称" --mode deep

# 输出 JSON 格式（便于 API 集成）
python /home/admin/.openclaw/workspace/skills/fake-international-brand-detector/scripts/detect_brand.py --brand "NYO3" --output json

API 调用示例

import requests

response = requests.post(
    "http://localhost:8080/api/detect",
    json={"brand": "Nike", "mode": "quick"},
    headers={"Content-Type": "application/json"}
)
print(response.json())

📦 输出示例（NYO3 验证结果）

{
  "brand": "NYO3",
  "timestamp": "2026-03-17T16:59:00+08:00",
  "verifications": {
    "official_website": {
      "found": true,
      "url": "https://nyomega.com",
      "age_years": 8.5,
      "languages": ["en", "de"],
      "quality_score": 1.5,
      "issues": [
        "WHOIS registrant_country=CN",
        "邮箱地址@qq.com",
        "仅英文+德语，无挪威语/瑞典语"
      ]
    },
    "sales_channels": {
      "found": true,
      "channels": {
        "physical_stores": 0,
        "online_partners": [
          {"platform": "amazon.de", "seller_location": "CN"},
          {"platform": "amazon.co.uk", "seller_location": "CN"}
        ]
      },
      "quality_score": 2.0,
      "issues": [
        "无Boots UK授权",
        "欧洲店铺由中国卖家运营"
      ]
    },
    "cross_border_sales": {
      "found": true,
      "platforms": ["amazon.com", "amazon.de"],
      "order_count_estimate": ">100",
      "duration_months": 3,
      "quality_score": 1.5,
      "issues": [
        "店铺注册时间晚，销量低"
      ]
    },
    "media_exposure": {
      "found": false,
      "sources_checked": ["Reuters", "Forbes", "WebMD"],
      "articles_found": 0,
      "quality_score": 0.5,
      "issues": [
        "无权威媒体报道，仅有博客软文"
      ]
    },
    "whois_registration_country": {
      "registrant_country": "CN",
      "expected_country": "NO",
      "match": false,
      "email_domain": "@qq.com",
      "quality_score": 0
    },
    "trademark_timeline": {
      "china_registration_date": "201X",
      "norway_registration_date": "20XX（晚于中国）",
      "earlier_market": "China",
      "suspicious_pattern": true,
      "quality_score": 0
    },
    "amazon_seller_location": {
      "amazon_de_seller_country": "CN",
      "amazon_uk_seller_country": "CN",
      "expected_countries": ["DE", "UK"],
      "match": false,
      "quality_score": 0
    }
  },
  "score_summary": {
    "total_items": 7,
    "high_quality_count": 0,
    "valid_count": 2,
    "false_international_flags": [
      "WHOIS显示中国注册",
      "商标时间线：中国市场早于海外",
      "亚马逊欧洲店铺为中国卖家运营"
    ]
  },
  "total_quality_score": 2.0,
  "verdict": "🚩 假国际品牌",
  "confidence": 0.95,
  "recommendation": "建议避免购买或进一步调查，该品牌由中国青岛逢时科技注册和运营"
}

⚙️ 配置选项

# 运行模式
--mode quick       # 快速检查（默认，约 30 秒）
--mode deep        # 深度检查（约 5-10 分钟，更准确）

# 输出格式
--output json      # JSON 格式
--output markdown  # Markdown 报告

# API 源配置
--tavily-api-key KEY
--whois-domain tools.domaintools.com
--trademark-office CNIPA:USPTO:EUIPO

📂 文件结构

fake-international-brand-detector/
├── SKILL.md                    # 技能定义文档（此文件）
├── scripts/
│   └── detect_brand.py         # 核心检测脚本（待更新）
├── reference/
│   ├── apis.md                 # API 和搜索引擎列表
│   ├── quality-standards.md    # 内容质量标准说明
│   └── brand-examples.json     # 已知品牌示例数据库（新增：NYO3案例）
└── sample/
    └── test_brands.json        # 测试用例数据

📚 引用资源

🔑 API 配置

# Tavily Web Search - 已默认配置✅
export TAVILY_API_KEY="your-key-here"

# 可选：其他 API（按需配置）
export GOOGLE_CSE_API_KEY="..."
export GOOGLE_CSE_ID="..."

海外信息源

WHOIS 查询：whois.domaintools.com / whois命令
商标数据库：
- CNIPA（中国国家知识产权局）
- USPTO（美国专利商标局）
- EUIPO（欧盟知识产权局）
- WIPO（世界知识产权组织）
Wayback Machine：web.archive.org (官网历史快照)
Google News：news.google.com (国际新闻搜索)
亚马逊全球搜索：amazon.com/gp/search/
NewsAPI：newsapi.org (新闻媒体聚合)
Shopify 商店查询：shopify.store/ (电商目录)
Amazon Seller API（需登录）：查看店铺运营者位置

判定标准文档

详见 reference/apis.md 和 reference/quality-standards.md

🏆 已知品牌示例数据库（NYO3案例）

{
  "brand": "NOW",
  "origin": "United States",
  "founded": 1968,
  "whois_country": "US",
  "amazon_platforms": ["amazon.com", "amazon.co.uk", "amazon.de"],
  "media_coverage": true,
  "verdict": "✅ 真国际品牌"
}

{
  "brand": "Swisse",
  "origin": "Australia",
  "founded": 1987,
  "whois_country": "AU",
  "amazon_platforms": ["amazon.com", "amazon.co.uk", "amazon.de", "amazon.fr"],
  "media_coverage": true,
  "verdict": "✅ 真国际品牌"
}

{
  "brand": "NYO3",
  "origin": "China (青岛逢时科技)",
  "claimed_origin": "Norway（宣称挪威，实为假）",
  "whois_country": "CN",
  "trademark_timeline": {
    "china_first": true,
    "norway_later": true
  },
  "amazon_seller_location": {"de": "CN", "uk": "CN"},
  "media_coverage": false,
  "verdict": "🚩 假国际品牌"
}

{
  "brand": "LOEON",
  "origin": "China",
  "founded": <5年，
  "whois_country": "CN",
  "amazon_platforms": ["amazon.cn"],
  "media_coverage": false,
  "verdict": "🚩 假国际品牌"
}

⚠️ 注意事项

隐私合规：只公开查询品牌信息，不抓取用户数据
API 限流：遵守各平台 robots.txt 和使用条款
误判风险：小品牌可能因资料少被误判，可指定--mode deep 复测
时效性：建议每 6 个月重新验证一次结论
中文处理：对于"国货出海的假国际品牌"（如假 Nike）也能准确识别
NYO3案例学习：
- ✅ WHOIS显示中国注册 → 中国品牌
- ✅ 商标时间线中国市场早于海外 → 先做品牌后出海
- ✅ Amazon.de/.co.uk店铺为中国卖家 → 无本土运营
- ✅ 无权威媒体报道 → 仅国内内容/软文
判定逻辑：
- 真国际品牌需要≥5项高质量验证（至少3项高分+2项有效）
- 假国际品牌会触发多项红旗特征（如 WHOIS=CN、商标时间线异常等）

🔄 维护日志

日期	版本	更新内容
2026-03-17	v2.0	新增 WHOIS 注册地、商标时间线、卖家国籍三项检查，基于 NYO3 案例优化
2026-04-16	v2.1	优化大型集团品牌（如 Reckitt/MegaRed）的识别逻辑，增加集团品牌白名单验证，防止因缺乏独立官网而被误判为存疑品牌

📄 License

MIT License - 自由用于商业和学术研究

Comments

Loading comments...