shejian

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent store-management assistant, but it builds raw shell curl commands from user-provided store messages and plaintext tokens, which needs review before use.

Review this skill before installing. It appears intended for legitimate store operations, but you should only use it with a limited store API token and confirm all write actions carefully. The safest improvement would be replacing raw shell curl generation with a constrained API client that escapes user input automatically.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed or malicious store message could potentially break the generated command or cause unintended API actions, especially because the same workflow can write sales, inventory, and purchase-order records.

Why it was flagged

The skill tells the agent to build shell curl commands using values extracted from the user's message. The artifacts do not specify escaping or validation for user-controlled values before placing them inside a shell command, creating a potential command/API misuse path.

Skill content

Use the `exec` tool to run curl commands...must be a single line... `product_name`: product name (extracted from user input) ... -d '{"product_name":"番茄","type":"sold_out"}'

Recommendation

Use a scoped HTTP/API tool instead of raw shell where possible. If exec is required, strictly JSON-encode and shell-escape all user fields, reject control characters and quotes that cannot be safely handled, and keep an explicit endpoint/method allowlist.

What this means

Anyone with access to the token could query or change store data according to that token's permissions.

Why it was flagged

The skill requires a Bearer token for the store API and instructs the agent to insert the actual token into curl commands. This is purpose-aligned but sensitive credential handling.

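Skill content

Each agent's API token is injected through an environment variable, with the variable name in the format `SHEJIAN_API_TOKEN_<agentId>` ... You must first obtain the actual token value using read_env or another method, then splice it into a plain-text command using single quotes.

Recommendation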

Use least-privilege, store-specific tokens; rotate them regularly; avoid placing tokens in ordinary markdown files when a secret manager or protected environment variable is available.

What this means

If a user confirms an incorrect interpretation, store records may become inaccurate and affect later inventory or sales decisions.

Why it was flagged

The skill can write to several store-management endpoints, which can affect inventory, sales, and purchase-order records. The instructions include a confirmation step, so this is disclosed and purpose-aligned, but still operationally important.

Skill content

`POST /api/sales/supplement` ... `POST /api/inventory/adjust` ... `POST /api/purchase-orders` ... Confirm before execution (write operations): show a summary of the operation and ask the user to confirm.

Recommendation

Before confirming writes, verify product names, quantities, dates, prices, and adjustment types. Prefer reversible audit logs and correction workflows.