ClawHub

Inventory Manager

v1.0.0

E-commerce inventory management for Taobao, Douyin, and other platforms. Use when tracking stock levels, syncing inventory across stores, managing suppliers,...

0· 397·1 current·1 all-time
byYinanping@yinanping-cpu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises integration with Taobao and Douyin (real-time API, webhooks, sync), but the provided code contains only simulated sample data and no network/API calls; no credentials or API env vars are requested. A legitimate integrator would typically require API keys/credentials and network access—their absence is disproportionate to the claimed capability.
!
Instruction Scope
SKILL.md instructs running multiple scripts (e.g., scripts/check_stock.py, scripts/sync_inventory.py, scripts/stock_alerts.py, generate_po.py, forecast_sales.py) that are not present. The actual code is a single script at scripts/inventory_manager.py which supports actions via --action. The docs are therefore misleading/ inconsistent and give the agent broad, unclear instructions (run these scripts) that don't match the code.
Install Mechanism
There is no install specification (instruction-only with a small Python script). Nothing is downloaded or written by an installer, so installation risk is low.
Credentials
The skill declares no required environment variables or credentials, yet SKILL.md and README discuss API credentials, webhooks, and sending email/WeChat alerts. This omission could mean the skill is a local demo (harmless) or that required secrets are expected to be provided ad hoc later (risky).
Persistence & Privilege
The skill is not marked always:true and contains no install-time hooks or requests to modify other skills or agent-wide settings. It does not request persistent privileges.
What to consider before installing
This package looks like a local/demo inventory tool rather than a finished Taobao/Douyin integrator. Before installing or running it with real stores: 1) Do not supply real API keys or credentials until the author explains how they are used and where they are stored. 2) Note that SKILL.md references many scripts that aren't included — the real entrypoint is scripts/inventory_manager.py which currently uses simulated data and makes no network calls. 3) If you plan to use this in production, request (or inspect) updated code that implements secure API calls, explicit env var names for credentials, and safe handling of tokens. 4) Run the code in a sandboxed environment and monitor network traffic to confirm it does only what you expect. 5) If the author cannot clarify the mismatches (missing scripts, missing credential handling, and claimed features), treat this as untrusted for production use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cbx9da9kgkajg6br46en52h82epk3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments