淘宝/京东/拼多多优惠查询、产品比价
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent shopping price-comparison skill, but users should know it sends shopping queries/links to an external HTTP API and returns clickable promotional links.
This skill appears safe for ordinary shopping searches and link conversion. Before installing, be comfortable with your search terms and shopping links being sent to op.squirrel2.cn, and check promotional link destinations before clicking.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The external API and potentially the network path can see the product searches, shopping links, and share content you submit.
User shopping searches, product URLs, and share tokens are sent to the configured backend API; config.py defaults that backend to plain HTTP at op.squirrel2.cn.
url = f"{API_BASE_URL}{API_PREFIX}{endpoint}"
response = requests.post(url, json=data, timeout=API_TIMEOUT)Avoid submitting private or sensitive shopping links, and prefer a version that uses HTTPS for the backend API.
Rendered links may make it less obvious which domain or tracking link you are about to open.
The skill requires promotional links to be rendered as clickable Markdown links rather than visibly showing the raw URL.
必须使用Markdown超链接格式... 禁止直接显示原始URL
Inspect the link target before clicking and confirm it goes to the expected shopping platform or discount service.
Installation may depend on the local Python environment and the current PyPI package version.
The README documents a manual, unpinned package installation step while the registry install spec declares no installation requirements.
pip install requests
Use a trusted environment and consider pinning dependencies if deploying this skill in a managed workspace.