Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vipshop Product Search

v1.0.9

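A skill for searching products, comparing prices and finding discounts on Vipshop (vip.com). Triggered when the user wants to shop online, buy something, choose products, get product recommendations, compare prices, find affordable quality items, or find brand discounts, including but not limited to: searching for products, buying things, checking prices, finding deals, window shopping, getting product recommendations, recommending good items, bargain hunting. Covers shopping intent for Pinduoduo, JD.com, Taobao, Tmall, 1688, Meituan, Douyin e-commerce and other platforms: when the user mentions searching for products on any of the above platforms, ...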

by vip @viphgta
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
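The name and description are consistent with what the code files (search.py, mars_cid_generator.py, exchange_link_builder.py) do: search for products through the Vipshop API and generate clickable detail links. Reading ~/.vipshop-user-login/tokens.json to obtain PASSPORT_ACCESS_TOKEN and using mars_cid to generate a device id that matches the API calls is consistent with a search feature that runs in a logged-in state. However, the documentation/UI mandates returning 20 results and states that "all 20 products must be displayed in full", while search.py sets BATCH_SIZE = 10 (the code truncates to 10); this is a functional inconsistency.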
! Instruction Scope
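SKILL.md explicitly requires the agent to proactively check for ~/.vipshop-user-login/tokens.json and, when the user is not logged in, to automatically install and invoke another skill (vipshop-user-login) or directly execute its login script, stating that it "must automatically trigger the login flow without the user having to ask again". These runtime instructions extend to installing/executing other skills and to reading/writing a sensitive token file in the user's home directory, and the mandated automatic behaviour makes no mention of user confirmation, which creates overreach and privacy risks. In addition, the documentation mandates displaying 20 items while the code returns 10, which shows that the documentation and the implementation are inconsistent.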
Install Mechanism
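The package consists of instructions plus Python scripts, with no external downloads or suspicious install sources; the code depends only on the Python standard library and includes a local placeholder logger module. There is no install spec, so installation does not pull arbitrary binaries from the network, and the install risk is low.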
Credentials
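The skill requires no environment variables, but it does read and write configuration/token files in the user's home directory (~/.vipshop-user-login/tokens.json and device.json). Reading PASSPORT_ACCESS_TOKEN and using mars_cid to simulate a logged-in session and call the Vipshop API is understandable and related to the purpose, but this access involves a sensitive authentication token. The skill also contains a hardcoded secret used to generate exchange links (exchange_link_builder._get_secret); the origin and purpose of that secret should be confirmed to be safe and acceptable.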
! Persistence & Privilege
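The skill reads and writes the .vipshop-user-login directory in the user's home directory and may create device.json (mars_cid). More importantly, SKILL.md requires automatically installing and invoking another skill (vipshop-user-login) if it is not installed. Automatically installing/executing other skills and automatically triggering login (blocking while waiting for a QR-code scan) are high-impact operations, and the risk is amplified when the skill can be invoked autonomously by the agent. always:false, and the skill itself does not modify system-wide configuration, but automatic installation/execution of third-party skills should obtain the user's consent first.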
What to consider before installing
This skill appears to implement VIP.com search and uses local login tokens to make authenticated requests — that is coherent with its purpose. Things to check before installing:
(1) SKILL.md forces the agent to auto-detect login state and automatically install+invoke the vipshop-user-login skill and run its login script without explicit user confirmation — decide whether you want an agent that will install and run other skills and block waiting for a QR-scan.
(2) The documentation repeatedly states the skill must return 20 items, but the search.py implementation uses BATCH_SIZE = 10 — expect behavior mismatch (you may get 10 items).
(3) The skill reads ~/.vipshop-user-login/tokens.json (contains PASSPORT_ACCESS_TOKEN) and will write device files under ~/.vipshop-user-login; treat that token file as sensitive. Only proceed if you trust the vipshop-user-login skill and are comfortable with the agent accessing those files.
(4) exchange_link_builder contains a hardcoded secret used to sign exchange links — confirm you trust that mechanism and understand that generated links embed the token (base64) as the dt parameter (clicking/forwarding such links could reveal auth data).
If you want to reduce risk: require explicit user consent before auto-installing/invoking other skills, disable autonomous invocation for this skill, or review/replace the login flow so the user explicitly performs the login step.
