Scan Report
0 /100
HK Supermarket Shopping
Real-time price comparison for Hong Kong supermarkets using Consumer Council's daily pricewatch
A legitimate Hong Kong supermarket price comparison tool with no security concerns. Uses only standard library, accesses a single verified HTTPS endpoint, and operates exclusively within its data directory.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Aligned | Writes CSV to data/ directory (lines 82-86 in supermarket.py) |
| Network | NONE | READ | ✓ Aligned | Downloads from Consumer Council HTTPS URL (lines 48-67 in supermarket.py) |
| Shell | NONE | NONE | — | No shell execution detected |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://online-price-watch.consumer.org.hk/opw/opendata/pricewatch_en.csv supermarket.py:7 File Tree
6 files · 15.7 KB · 419 lines Python 1f · 196L
JSON 3f · 113L
Markdown 2f · 110L
├─
clawhub.json
JSON
├─
openclaw.plugin.json
JSON
├─
package.json
JSON
├─
README.md
Markdown
├─
SKILL.md
Markdown
└─
supermarket.py
Python
Security Positives
✓ Uses only Python standard library (urllib, csv, pathlib, datetime) - no external dependencies
✓ SSL/TLS verification enabled by default in urllib
✓ Input query length limited to 200 characters - prevents injection
✓ Filesystem access strictly scoped to data/ subdirectory
✓ Network access limited to single verified Consumer Council HTTPS endpoint
✓ No credential access or environment variable reading
✓ No shell execution or subprocess usage
✓ No obfuscation or base64-encoded payloads
✓ Housekeeping removes old data files automatically
✓ Proper error handling with fallback mechanisms