price-check
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a coherent price-comparison skill, but it sends shopping searches to an external pricing API and keeps local or optional Feishu history, so review those data flows before use.
Before installing, decide whether you are comfortable sending product search terms to the external price API and keeping a local shopping-history database. If you enable Feishu sync, use a dedicated table, limit bot permissions, and protect ~/.openclaw/data/price-check/config.json. Verify any seller or price link before purchasing.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may show the generated report exactly as produced, with less summarization or independent restructuring.
The skill tells the agent to present tool-generated report text verbatim before doing its own response formatting.
第一步永远是把 `human_report` 字段原样发给用户
Read the report critically and ask follow-up questions if you want a shorter or independently checked summary.
Product searches are shared with the external price data provider, and results depend on that provider's accuracy.
The core price search sends the user's shopping keyword to the maishou88.com API, which is expected for live price comparison.
session.post(f"{API_BASE}/api/v1/homepage/searchList" ... data={ ... "keyword": str(keyword), "openid": OPENID, ... })Use normal product terms rather than sensitive personal information, and verify prices and seller pages before buying.
Your shopping query history can remain on the local machine until deleted.
The skill intentionally stores query history, cache data, and price snapshots in a local SQLite database for historical price tracking.
DATA_DIR = Path.home() / ".openclaw" / "data" / "price-check" DB_PATH = DATA_DIR / "price-check.db"
Protect or delete the local data directory if product searches are sensitive; back it up only if you want to preserve history.
If you opt in, shopping searches and deal history are written to the selected Feishu workspace/table using the configured permissions.
When Feishu sync is enabled, the skill uses configured Feishu/Lark access to write query results into a Bitable.
"base", "+record-upsert", "--base-token", base_token, "--table-id", table_id, "--json", body
Enable Feishu sync only for a trusted table, grant the bot the minimum needed permissions, and keep the config file private.
A future dependency resolution could differ from what the author tested.
The uv script declares an unpinned runtime dependency, so installs may resolve the current aiohttp package rather than a locked version.
# dependencies = ["aiohttp"]
For higher assurance, pin dependencies or run in a controlled environment.
A user could overread the privacy claim as meaning no search data ever leaves the machine.
The privacy wording emphasizes local storage, but users should understand that live price search still sends product queries to the disclosed external pricing API.
All data stays on your machine. SQLite is local; no external service writes happen unless you opt into Feishu sync.
Treat the statement as applying to stored history by default, and avoid sensitive terms in live price queries.