扫描报告
0 /100
HK Supermarket Shopping
Real-time price comparison for Hong Kong supermarkets using Consumer Council's daily pricewatch
A legitimate Hong Kong supermarket price comparison tool with no security concerns. Uses only standard library, accesses a single verified HTTPS endpoint, and operates exclusively within its data directory.
可以安装
No action needed. The skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | Writes CSV to data/ directory (lines 82-86 in supermarket.py) |
| 网络访问 | NONE | READ | ✓ 一致 | Downloads from Consumer Council HTTPS URL (lines 48-67 in supermarket.py) |
| 命令执行 | NONE | NONE | — | No shell execution detected |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
1 项发现
中危 外部 URL 外部 URL
https://online-price-watch.consumer.org.hk/opw/opendata/pricewatch_en.csv supermarket.py:7 目录结构
6 文件 · 15.7 KB · 419 行 Python 1f · 196L
JSON 3f · 113L
Markdown 2f · 110L
├─
clawhub.json
JSON
├─
openclaw.plugin.json
JSON
├─
package.json
JSON
├─
README.md
Markdown
├─
SKILL.md
Markdown
└─
supermarket.py
Python
安全亮点
✓ Uses only Python standard library (urllib, csv, pathlib, datetime) - no external dependencies
✓ SSL/TLS verification enabled by default in urllib
✓ Input query length limited to 200 characters - prevents injection
✓ Filesystem access strictly scoped to data/ subdirectory
✓ Network access limited to single verified Consumer Council HTTPS endpoint
✓ No credential access or environment variable reading
✓ No shell execution or subprocess usage
✓ No obfuscation or base64-encoded payloads
✓ Housekeeping removes old data files automatically
✓ Proper error handling with fallback mechanisms