E-commerce Skills 安全扫描报告 — 可信 | ClawSafe

5 /100

E-commerce Skills

电商领域 OpenClaw 技能集合，提供选品调研、市场分析、内容生成等能力。支持淘宝/拼多多/抖音/小红书/1688平台。

Pure documentation-only skill with no executable code present - describes planned e-commerce capabilities but contains no scripts, binaries, or implementation files.

技能名称E-commerce Skills

分析耗时26.9s

引擎pi

✓

可以安装

This skill is safe to install. However, note it provides only documentation/structure with no actual implementation. Verify the actual implementation files (infrastructure/, platforms/, capabilities/, scenarios/) are included before production use.

安全发现 1 项

严重性	安全发现	位置
低危	Documentation references non-existent implementation files 文档欺骗 SKILL.md and PROJECT_INFO.txt describe a full directory structure with implementation files (infrastructure/, platforms/, capabilities/, scenarios/) but these directories and files are not present in the actual package. `References: infrastructure/ecommerce-infrastructure, platforms/taobao-api, capabilities/product-research` → Ensure implementation files are included before release, or clarify this is a documentation-only placeholder.	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`NONE`	✓ 一致	No file operations in code - documentation only
网络访问	`READ`	`NONE`	✓ 一致	Describes API usage but no network code present
命令执行	`NONE`	`NONE`	—	No shell execution found
环境变量	`READ`	`NONE`	✓ 一致	Declares env var usage for API keys but no code to read them

目录结构

3 文件 · 5.8 KB · 159 行

Markdown 2f · 100L Text 1f · 59L

├─ 📝 CHANGELOG.md Markdown 26L · 955 B

├─ 📄 PROJECT_INFO.txt Text 59L · 2.0 KB

└─ 📝 SKILL.md Markdown 74L · 2.9 KB

安全亮点

✓ No executable code present - purely documentation

✓ No suspicious patterns (base64, obfuscation, reverse shell)

✓ No credential harvesting code

✓ No network exfiltration code

✓ No file write operations

✓ API key storage correctly references environment variables (declared)

✓ Clean file tree with no hidden malicious content