Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Platform Data Aggregation (多平台数据聚合)

v1.0.0

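Integrates public data from multiple e-commerce and social platforms, providing standardized competitor pricing, sales, and market analysis, with support for real-time queries across multiple markets and platforms.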


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yayale-deng/crossdata.

Install the skill "多平台数据聚合" (yayale-deng/crossdata) from ClawHub.
Skill page: https://clawhub.ai/yayale-deng/crossdata
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crossdata

ClawHub CLI


npx clawhub@latest install crossdata
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (aggregating e‑commerce and social platform public data) matches the inputs and output schema in SKILL.md. However, for real aggregation you'd normally expect declared API keys or clear scraping guidance for each source (Amazon, TikTok, 1688, AliExpress). The skill does not declare those, instead referencing a single 'ClawHub token' without explaining what ClawHub is or why one token suffices for multiple platforms.
Instruction Scope (flagged)
SKILL.md does not include explicit commands or endpoints, but it explicitly states '需要 ClawHub token' ("requires a ClawHub token") and embeds a concrete token string. There is no instruction for how the token is passed (env var name), what service endpoints will be called, or what data is transmitted. Embedding a credential in the instructions is a red flag and the lack of endpoint/usage detail makes runtime behavior unclear.
Install Mechanism
Instruction-only skill with no install spec and no code files — this has lower install risk because nothing is written to disk. However, absence of code makes it impossible to verify what network calls would be made at runtime, increasing the need for clarity in the SKILL.md.
Credentials (flagged)
Registry metadata lists no required env vars, but SKILL.md demands a ClawHub token and even provides a literal token. The token's presence is disproportionate and unexplained: either it's a placeholder (should not be published) or it's a leaked secret. There is no justification for other platform credentials (Amazon, TikTok) or description of least-privilege access.
Persistence & Privilege
The skill does not request always:true or system-wide changes and is user-invocable only. Autonomous invocation is allowed by default but not combined here with other elevated privileges, so no extra persistence/privilege flags are present.
What to consider before installing
Do not install or use this skill until the author clarifies the following: (1) what 'ClawHub' is and why a single token is sufficient for multiple platforms; (2) whether the token embedded in SKILL.md is a real/active secret (if real, treat it as leaked and rotate it immediately); (3) what network endpoints the skill will call and what data will be sent or stored externally; (4) which credentials (if any) are actually required for each source platform and how they should be provided (env vars, secure storage); and (5) an explicit privacy/data usage policy. If you must proceed, insist on a version that removes hardcoded credentials, declares required env vars, documents endpoints, and limits permissions to least privilege.

Like a lobster shell, security has layers — review code before you run it.

latest vk97bvevbpscrkfptn7dgeqgj6s85qnse
23 downloads
0 stars
1 version
Updated 7h ago
v1.0.0
MIT-0

CrossData

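CrossData - Multi-Platform Data Aggregation Skill

Description

Integrates data from multiple e-commerce and social media platforms to provide standardized competitor-analysis data, solving the data-silo problem of relying on a single platform.

Input Parameters

  • keywords: search keywords (array), e.g. ["USB-C fast charger", "Type-C 快充"]
  • targetMarkets: list of target markets, e.g. ["Russia", "Brazil", "MiddleEast", "SoutheastAsia", "Europe"]
  • priceRange: price range (USD), e.g. {"min": 5, "max": 50}
  • sourcePlatforms: source platforms for the data; supported values are ["aliexpress", "1688", "tiktok", "amazon"]
  • limit: maximum number of results returned per platform, default 20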

Output Format

{
  "productData": [
    {
      "platform": "aliexpress",
      "productName": "65W USB-C Fast Charger",
      "price": 24.99,
      "sales": 2847,
      "rating": 4.8,
      "shipping": "无忧集运"
    }
  ],
  "summary": {
    "totalProducts": 50,
    "avgPrice": 25.17,
    "priceDistribution": {"low": 0.2, "mid": 0.5, "high": 0.3},
    "topMarkets": ["Russia", "Brazil"]
  }
}

Usage Example

{
  "keywords": ["USB-C fast charger", "65W Type-C"],
  "targetMarkets": ["Russia", "Brazil"],
  "priceRange": {"min": 5, "max": 50},
  "sourcePlatforms": ["aliexpress", "1688"],
  "limit": 30
}

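Permissions

  • Requires ClawHub token: clh_dfYBmWi76_VPBJhUkwRoK8BWpQ4m1IV47bAHieANjVA
  • Permission to access public data on multiple platforms
  • Permission to aggregate and clean data

Notes

  • The current version requires a ClawHub token for activation
  • Data refresh frequency is real-time
  • Output formats supported: JSON/CSV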
