ClawHub

Price Monitor

v1.0.0

Monitor website prices, inventory, and content changes using browser automation. Use when tracking e-commerce prices, competitor monitoring, stock alerts, or...

0· 206·1 current·1 all-time
byYinanping@yinanping-cpu·duplicate of @yinanping-cpu/price-monitor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description align with the included Python script: it reads a CSV of product URLs, uses browser automation (via an external agent-browser binary) to extract prices, logs history, and reports changes. However, SKILL.md advertises email/Discord webhook alerts and several alert options that are not implemented in scripts/monitor_prices.py — the script only logs to CSV and prints alerts to console. Also SKILL.md recommends proxies/UA rotation, but the code does not implement these features.
Instruction Scope
Runtime instructions focus on visiting product pages, taking snapshots, extracting text, and running the Python monitor. The code does exactly that (calls agent-browser, parses output, writes price-history.csv). There is no code that reads unrelated system files or transmits data to arbitrary endpoints. Note: if you point the skill at pages behind authentication or internal URLs, the skill will capture page content you give it access to — expected but worth noting.
!
Install Mechanism
This is instruction-only with a local Python script (no install spec). However, both SKILL.md and the script depend on an external 'agent-browser' CLI being present and callable via subprocess. The skill metadata lists no required binaries — that is an inconsistency. The absence of a declared dependency on agent-browser is a risk: the script will fail or behave unexpectedly if agent-browser is not present or is a different program, and it places implicit trust in whatever 'agent-browser' is installed on PATH.
Credentials
The skill declares no required environment variables or credentials and the Python code does not read env vars. SKILL.md mentions SMTP and Discord webhooks for alerts (and suggests proxies), but those integrations are not implemented and no credentials are requested. This mismatch could confuse users and may lead to ad-hoc modifications that introduce credential handling without clear guidance.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. It writes price-history.csv to the working directory (normal for this use). It does not modify other skills' configs or system-wide settings.
What to consider before installing
This skill appears to generally do what it claims (visit pages and log prices), but you should resolve a few issues before trusting it: - Ensure a legitimate 'agent-browser' CLI is installed and review what that binary does. The Python script calls subprocess.run(['agent-browser', ...]) but the skill metadata did not declare agent-browser as a required binary. If a malicious binary named 'agent-browser' were on PATH it could be invoked. - Be aware the shipped script only logs to CSV and prints alerts — SKILL.md mentions email/Discord/webhooks and proxy/UA rotation, but those features are not implemented. If you need them, implement them yourself and avoid storing credentials in plaintext or hard-coding webhooks. - Confirm the working directory where the script runs. It will write price-history.csv and will read whatever products CSV you pass; do not point it at sensitive internal URLs unless you intend it to capture those pages. - Rate limiting: the script sleeps 2 seconds between checks but SKILL.md recommends slower polling (30s+). Adjust sleep/cron frequency to avoid being blocked by sites and to respect ToS. If you proceed, audit and control the agent-browser binary, run the script in a restricted environment, and add explicit, secure handling for any alert credentials you add. If you want a cleaner install, insist the skill metadata declare required binaries (agent-browser) and any needed env vars for alerts.

Like a lobster shell, security has layers — review code before you run it.

latestvk971hgebzhwcxzt3xsef5898yh82f04a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments