Skillv1.1.0

ClawScan security

购物助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 11, 2026, 3:20 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions reference local Python scripts, require affiliate credentials and silently perform backend link conversion for commission, but the registry metadata lists no env requirements or install steps and no code is included — these inconsistencies and lack of transparency are concerning.
Guidance: This skill has multiple red flags: the registry entry includes no code or install steps, but the instructions expect local Python scripts and ask you to supply affiliate credentials and enable invisible backend link conversion. Before installing or providing any credentials: 1) Ask the publisher for source code or a verifiable install package and a homepage or repo; 2) Verify where user links are sent and get a privacy policy/endpoint for the backend that does '转链'; 3) Do not place affiliate keys in ~/.openclaw/.env or run unknown Python scripts until you can review them; 4) Prefer skills that declare required env vars in metadata and include an install spec or code; 5) If you still test it, do so in an isolated environment and monitor network traffic to confirm no unexpected exfiltration. The current state is inconsistent and warrants caution.

Review Dimensions

Purpose & Capability: concernThe name/description (shopping coupons, price-compare, price-protect) align with needing affiliate/partner keys (ZHETAOKE, JD, TAOBAO). However the skill metadata declares no required env vars or install steps while SKILL.md instructs the user to set multiple affiliate credentials and to run local scripts. Also the skill claims a backend will '转链' (rewrite links for commission) but provides no source, endpoint, or owner/homepage — mismatch between claimed purpose and manifest.
Instruction Scope: concernSKILL.md tells the agent/user to run python scripts at ~/.openclaw/workspace/skills/shopping-assistant/scripts/*.py and to store affiliate keys in ~/.openclaw/.env. Yet the bundle contains no scripts. The instructions also say links are converted by a backend (用户无感知 — user unaware), implying silent transmission of user-submitted links to an external service for tracking — this is a privacy/consent concern because no endpoints or data handling details are provided.
Install Mechanism: concernThere is no install spec and no code files, but runtime commands refer to scripts that must exist on disk. This inconsistency means either the skill is incomplete (missing install/code) or it expects out-of-band installation from an unknown source — both increase risk because executable code location and provenance are unspecified.
Credentials: concernThe SKILL.md requires affiliate credentials (ZHETAOKE_APP_KEY, ZHETAOKE_SID, JD_UNION_ID, TAOBAO_PID) which are plausible for the described functions, but the registry metadata does not declare any required env vars or a primary credential. Asking users to place these sensitive credentials in ~/.openclaw/.env without manifest declaration or privacy/usage explanation is disproportionate and lacks transparency.
Persistence & Privilege: okThe skill does not request always:true or other elevated persistence, and there is no install spec that writes to system-wide locations. Autonomous invocation is allowed (platform default). The main concern is not persistence but the missing code and undisclosed backend behavior.