Industrial Silicon Army
Advisory
Audited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with broad API keys, the assistant may be able to access sensitive business-system data or vendor-account information.
The skill requires an OpenAI key and documents optional OAuth/API-key integrations for procurement and enterprise systems. This is purpose-aligned, but those credentials can grant access to sensitive business accounts or systems.
required_env:\n - OPENAI_API_KEY ... 1688 ... auth: OAuth ... Enterprise APIs (ERP/MES/WMS/CRM) ... auth: API Key
Use dedicated, least-privilege API keys; configure optional ERP/MES/WMS/CRM or 1688 credentials only when needed; avoid using production write-capable tokens unless reviewed.
Business prompts, procurement context, or operational details may be processed by external services depending on configuration.
The artifacts disclose external provider/API flows that may receive task context or business data. The flow is expected for the skill, but users should understand the data boundary.
External API transparency: this skill may call the following external services ... LLM service (OpenAI) ... LookingPlas API ... 1688 API ... enterprise ERP/MES/WMS/CRM
Do not send confidential customer, financial, or production data to external APIs unless your organization has approved that provider and data-use policy.
The assistant can generate purchase-related recommendations, but the provided code does not automatically place orders.
Procurement is a high-impact workflow, but the visible implementation blocks automatic purchasing and marks procurement suggestions as requiring human confirmation.
return False, "自动采购已禁用,所有采购建议需人工确认" ... "status": "pending_confirmation" ... "auto_order_enabled": False
Keep human review in place for purchases, payments, quotes, supplier selection, and other business-impacting actions.
