Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vipshop Product Search
v1.0.1 · A skill for searching products, comparing prices and finding discounts on Vipshop (vip.com). Triggered when the user wants to shop online, buy something, pick products, get product recommendations, compare prices, find affordable good finds, or find brand discounts, including but not limited to: searching for products, buying things, checking prices, finding deals, window shopping, getting inspired to buy, recommending good finds, bargain hunting. Also covers shopping intent on Pinduoduo, JD.com, Taobao, Tmall, 1688, Meituan, Douyin e-commerce and other platforms: when the user mentions searching for products on any of the above platforms, ...
⭐ 0 · 91 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description (VIP product search, price/discount lookups) align with the included Python scripts that call VIP mobile APIs and build product links. However, the SKILL.md repeatedly requires returning 20 items per page while the search.py uses BATCH_SIZE=10 (inconsistent). The requirement to automatically install and invoke a separate vipshop-user-login skill is linked to the stated need for login tokens but is operationally intrusive (see instruction_scope).
Instruction Scope
The runtime instructions explicitly require the agent to read ~/.vipshop-user-login/tokens.json, auto-install the vipshop-user-login skill if missing (clawhub install), and autonomously call that skill or run its vip_login.py --blocking to wait for a QR-scan. That gives the skill broad runtime authority (installing other skills and reading local token files). The SKILL.md also mandates not to proceed without login and to automatically trigger login flows — this is outside a simple 'search' description and expands the agent's actions significantly.
Install Mechanism
There is no declared install spec (instruction-only), and code files are bundled with the skill (no external downloads). That is lower install risk. However, the instructions ask the agent to run 'clawhub install vipshop-user-login' if the login skill is missing, which delegates installation to the agent at runtime — an action that can change the agent's environment and should be reviewed before allowing.
Credentials
The skill does not request environment variables but reads sensitive local state: ~/.vipshop-user-login/tokens.json (cookies including PASSPORT_ACCESS_TOKEN) and writes/reads device identifiers under ~/.vipshop-user-login/. Reading those local credentials is necessary for producing authenticated search and 'exchangeToken' links, but it is privileged access. The exchange_link_builder embeds a hardcoded secret used to HMAC-sign token data — presence of a static secret in code is unusual and deserves review. The skill will generate exchange links that include encoded tokens; consider whether exposing such links to other parties is acceptable.
Persistence & Privilege
always:false (good), but the skill's instructions require autonomous installation and invocation of another skill and running its login script (blocking). That grants the agent the ability to install and execute code at runtime and to persist device/token files under the user's home directory. While not 'always:true', the mandated autonomous behavior increases the blast radius and should be approved consciously by a user or administrator.
What to consider before installing
- The skill will read and use ~/.vipshop-user-login/tokens.json (cookies including PASSPORT_ACCESS_TOKEN). If that file exists it will be used to authenticate requests and to build 'exchange' auto-login links. If you do not want the agent to access local login tokens, do not enable this skill.
- SKILL.md requires the agent to automatically install and run a separate vipshop-user-login skill (via 'clawhub install') and to run its login script in blocking mode to prompt the user to scan a QR code. That means the agent can install and execute additional code at runtime — review and trust the vipshop-user-login skill before allowing this.
- The code contains a hardcoded HMAC secret used to sign exchange links; this is unusual and should be reviewed for correctness and privacy implications. Generated exchange links embed token data (Base64 of token+timestamp + HMAC) — consider risk if such links are shared.
- The documentation mandates returning 20 items, but search.py sets BATCH_SIZE=10. This mismatch is functional inconsistency and may cause unexpected UX differences.
- If you want to proceed: inspect the vipshop-user-login skill source (what it does with credentials), confirm the tokens file format and contents, and consider restricting the agent's ability to auto-install/execute additional skills. If you do not trust automatic installation or token access, either do not enable the skill or run it only in a sandboxed environment.
What would change the assessment: full review of the rest of search.py (non-truncated portion) to confirm there is no hidden exfiltration, and review of the vipshop-user-login skill source to ensure it does not forward credentials to third parties. If those show only local, expected behavior, the rating could move closer to benign.
latest · vk972r9dy9k7p3syyfj5c5ar95184wyqk
