An automated Philippines customs code (HS Code) lookup tool that helps exporters quickly find the correct product classification code.

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is purpose-aligned for looking up Philippines HS codes, with disclosed browser/PDF-download automation and dependency notes but no evidence of malicious behavior.

This appears safe to use for HS-code lookup, but expect it to install Python/browser dependencies, open a browser, and download public tariff PDFs. Use a virtual environment if possible and verify official source links for important customs decisions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When used, the skill may open Chromium and save public tariff PDFs on the user's machine.

Why it was flagged

The skill clearly discloses that a query can open a browser, fetch a Google Drive link, download a PDF, and search it. These tool actions fit the HS-code lookup purpose, but they are still local/network actions the user should expect.

Skill content

This will:
1. Analyze the product and suggest chapters
2. Open browser to get Google Drive link
3. Download the PDF
4. Search for matching HS codes

Recommendation

Use it when you expect this workflow, verify the source page/link if accuracy matters, and choose an output directory you are comfortable with.

What this means

Installing the skill as documented adds external Python packages and a Playwright browser to the local environment.

Why it was flagged

The skill requires user-directed installation of third-party Python packages and a browser runtime, even though there is no formal install spec. This is expected for the described PDF/browser automation, but it is still a dependency/provenance consideration.

Skill content

pip install pdfplumber playwright

# Install Playwright browsers
playwright install chromium

Recommendation

Install dependencies from trusted package indexes, preferably in a virtual environment, and consider pinning package versions for reproducibility.

What this means

In unusual fallback download cases, a network attacker or misconfigured proxy could make it easier to substitute an incorrect PDF, which could affect lookup accuracy.

Why it was flagged

A fallback Google Drive download path disables TLS certificate verification. The file is checked to be a PDF and is not executed, so this remains purpose-aligned, but it weakens download authenticity.

Skill content

"wget", "--quiet", "--no-check-certificate", "-O", output_path, download_url

Recommendation

Prefer normal certificate-verified downloads where possible, or manually download PDFs from the official Tariff Commission/Google Drive link if the fallback is triggered.