ClawHub
Back to skill
v1.1.5

阿里商品月销查询

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:04 AM.

Analysis

The skill does what it claims: it extracts a Taobao/Tmall item ID and sends it to a disclosed third-party API to return monthly sales data.

GuidanceThis appears safe for its stated purpose. Before installing, note that each queried Taobao/Tmall product ID will be sent to EarlyData's API service, and the Python requests package must be available for the code to run.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
scripts/agent.py
response = requests.get(API_URL, params=params, timeout=10)

The code performs a bounded HTTP GET request to the declared API URL with the item ID and version as parameters; this is expected for the skill's purpose.

User impactThe agent can make a network request when the skill is used, but the request is limited to the disclosed sales-query endpoint.
RecommendationUse the skill for intended product-sales lookups and avoid submitting unrelated or sensitive text as the item input.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityInfoConfidenceHighStatusNote
SKILL.md
API Endpoint: `https://mi.earlydata.com/monthsale` ... 本技能仅发送商品ID到API服务器以获取月销量数据

The skill clearly discloses that product IDs are sent to a third-party API provider to obtain sales data.

User impactThe product ID or link-derived item ID you ask about will be sent to EarlyData's API service.
RecommendationInstall only if you are comfortable sharing queried Taobao/Tmall product IDs with the disclosed third-party API provider.