挖券券儿
v1.0.4外卖红包优惠券领券神器,一个链接领美团/饿了么/京东外卖全部隐藏优惠,无需注册无需API Key
⭐ 0· 136·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim to fetch hidden delivery coupons; the code and SKILL.md both perform an HTTPS GET to a compact API (default https://waquanquaner.cn/api/...) and render returned link/text/highlights. Requested tools, network domain, and behavior are coherent with the stated purpose.
Instruction Scope
Runtime instructions and scripts only fetch JSON from the configured API and render it for output; they do not read local files, access unrelated environment variables, or attempt to exfiltrate system data. Note: the skill surfaces landing URLs returned by the remote API — the user is expected to open those links, so the primary risk is trusting the external provider's links.
Install Mechanism
No install spec (no external installers or archive downloads). The package contains Node.js source files that rely only on built-in modules. No high-risk download URLs or package-manager installs are present.
Credentials
No required credentials or sensitive env vars. The only env reads are optional COMPACT_API_URL and LANDING_PAGE_URL (to override the API/landing host), which are reasonable for a service proxy. There's no access to unrelated secrets or config paths.
Persistence & Privilege
Skill is not always-enabled and does not request elevated privileges. It does not modify other skills' configs or persist system-wide changes. Agent autonomous invocation is allowed (platform default) and appropriate for this utility.
Assessment
This skill is internally consistent: it simply queries a remote API (default: waquanquaner.cn) and formats the returned coupon links. Before using, understand that the actionable links come from that external service — if the service provides malicious or phishing URLs you could be directed to unsafe pages. If you don't fully trust the provider, do not click unfamiliar landing URLs or consider self-hosting by setting COMPACT_API_URL to a server you control. Review outputs before opening links. Also note the repo includes Node source that will run locally (using only built-in modules); there are no hidden credential accesses or unexpected local reads.Like a lobster shell, security has layers — review code before you run it.
latestvk97cr550tyn1g27y6fhw32pyrs84k9cf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.