ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Metal Price

全球铁合金网价格查询与导出技能。自动登录www.qqthj.com网站,查询指定金属(如锰铁、钒铁等)的当日价格数据,抓取价格表格并导出为Excel文件。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 334 · 0 current installs · 0 all-time installs
by@wangxiang2023
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to scrape prices from www.qqthj.com and export to Excel — the steps in SKILL.md align with that purpose. However, the inclusion of a hard-coded username and password and a mandatory, user-specific export path (C:\Users\wangxiang\...) are unexpected for a generic scraping/export tool and are not justified by the description.
!
Instruction Scope
The instructions direct automated login, navigation, scraping, and writing an .xlsx to a fixed local path. They provide CSS selectors but no concrete, safe method for automation (no mention of which tool to use). This vagueness gives the agent broad discretion (e.g., executing arbitrary browser automation), and the forced write location is intrusive.
Install Mechanism
Instruction-only skill with no install steps or third-party downloads; nothing is written to disk by an installer. This lower install surface reduces risk.
!
Credentials
No required environment variables are declared, yet plaintext login credentials are embedded in SKILL.md. Embedding an account/password directly in the instructions and requiring a specific user desktop path are disproportionate and suspicious. It's unclear whether the credentials are legitimate/test or stolen.
Persistence & Privilege
always is false and the skill does not request system-wide or cross-skill configuration changes. It does, however, instruct writing to a specific local path which would require filesystem write permission when executed.
What to consider before installing
This skill's behavior (logging into an external site and saving files to a specific user's Desktop) is coherent with scraping metal prices, but there are red flags you should resolve before installing: - The SKILL.md contains hard-coded login credentials. Ask the publisher why fixed credentials are embedded and never use skills that ship with unknown account/password pairs. Prefer skills that prompt you to supply your own credentials or use stored, auditable secrets. - The export path is hard-coded to another user's Desktop (C:\Users\wangxiang\...). That means files will be written to a specific location which likely doesn't exist on your machine and may indicate the author tailored the skill to their environment. Require the skill to accept a configurable path instead. - The instructions are vague about how the agent will perform browser automation (selenium, puppeteer, headless browser, or remote calls). Ask how automation is implemented and run the skill in a restricted sandbox (isolated account, network monitoring) until you trust it. - Confirm the legality and terms-of-service of scraping www.qqthj.com. If you proceed, provide your own credentials and a safe, configurable export directory; review network and filesystem activity during the first runs. Given these inconsistencies (embedded creds, fixed path, and vague execution method) I rate the skill as suspicious. If the author clarifies that the credentials are placeholders, makes the output path configurable, and documents the automation tool used, the risk would be reduced.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
automationvk97cb7fzq3dqhv57k3kk8cpess81sn7kdatavk97cb7fzq3dqhv57k3kk8cpess81sn7kexcelvk97cb7fzq3dqhv57k3kk8cpess81sn7klatestvk97cb7fzq3dqhv57k3kk8cpess81sn7kmetalvk97cb7fzq3dqhv57k3kk8cpess81sn7kpricevk97cb7fzq3dqhv57k3kk8cpess81sn7kscrapingvk97cb7fzq3dqhv57k3kk8cpess81sn7k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis

SKILL.md

Price - 全球铁合金网价格查询

概述

此技能用于自动化查询全球铁合金网(www.qqthj.com)的金属价格数据。

目标网站: https://www.qqthj.com 执行时间: 约18-28秒

执行流程

开始
↓
1. 登录网站
↓
2. 导航到目标金属分类
↓
3. 查询当日价格数据
↓
4. 抓取价格表格
↓
5. 导出为Excel
↓
结束

使用说明

登录信息

操作步骤

阶段一: 网站登录

步骤操作说明等待时间
1打开网站URL: https://www.qqthj.com2-3秒
2点击登录页面左上角"登录"按钮1秒
3输入用户名13327325057-
4输入密码1234567890-
5点击登录提交按钮1-2秒

元素选择器:

  • 用户名: input[type="text"]input[name="username"]
  • 密码: input[type="password"]input[name="password"]
  • 登录按钮: button[type="submit"] 或包含"登录"文本的按钮

阶段二: 数据查询导航

步骤操作说明等待时间
1识别金属菜单首页导航栏金属分类-
2点击金属菜单如"锰"、"钒"等即时
3展开下拉菜单自动展开子菜单即时
4点击金属子类如"锰铁"、"钒铁"等2秒
5定位价格区域找到"国内价格"模块-
6点击当日价格链接包含日期+金属名称+价格2秒

元素选择器:

  • 金属菜单: 导航栏中包含金属名称的菜单项
  • 价格链接: a标签,文本包含日期+金属名称+"价格"

阶段三: 数据抓取与导出

步骤操作说明
1页面加载等待价格详情页加载
2滚动页面滚动到表格可见区域
3定位表格找到价格表格
4抓取数据提取所有行列数据
5导出Excel保存为.xlsx文件

元素选择器:

  • 价格表格: table标签,位于价格详情页

参数配置

参数名称默认值说明示例
用户名13327325057登录账号手机号
密码1234567890登录密码-
金属类型主菜单选择钒、钛、钨、钼等
金属子类锰铁子菜单选择高碳锰铁、中碳锰铁等
查询日期当日价格日期1月30日、2月1日等
导出路径固定路径必须保存到此路径C:\Users\wangxiang\Desktop\阶跃产出结果\Excel文件

导出文件命名

建议格式: YYYYMMDD_金属名称_价格.xlsx

示例:

  • 20260130_高碳锰铁价格.xlsx
  • 20260130_钒铁价格.xlsx

使用示例

示例1: 查询当日锰铁价格

执行SKILL: Price
参数:
  - 金属类型: 锰
  - 金属子类: 锰铁
  - 查询日期: 今天

示例2: 查询钒铁价格

执行SKILL: Price
参数:
  - 金属类型: 钒
  - 金属子类: 钒铁
  - 查询日期: 今天

异常处理

问题可能原因解决方案
登录失败用户名或密码错误检查账号密码
找不到登录按钮页面加载未完成增加等待时间
下拉菜单未展开点击未触发使用JavaScript触发点击
找不到价格链接日期格式不匹配检查日期格式
表格加载失败网络延迟刷新页面重试
导出失败路径错误或权限不足检查保存路径

注意事项

  1. ⚠️ 重要: Excel文件必须保存到 C:\Users\wangxiang\Desktop\阶跃产出结果\Excel文件 文件夹

  2. 登录凭证安全: 妥善保管用户名和密码

  3. 日期格式: 价格链接的日期格式为"X月XX日",需动态生成

  4. 网络稳定性: 确保网络连接稳定

  5. 数据时效性: 价格数据通常在工作日更新

  6. 表格结构: 不同金属的表格结构可能略有差异

  7. 文件覆盖: 导出前检查是否存在同名文件

扩展功能

  1. 批量查询: 支持一次查询多个金属类型
  2. 历史数据: 支持查询指定日期范围的历史价格
  3. 数据对比: 自动对比不同日期的价格变化
  4. 定时任务: 设置定时自动执行
  5. 数据分析: 在Excel中自动生成价格趋势图表
  6. 邮件通知: 数据获取完成后发送邮件通知

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…