← Back to Skills Marketplace
517
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install taobao-query
Description
Query Taobao product prices and information through MCP (Model Context Protocol). Use when the user asks about product prices, searches for items on Taobao,...
Usage Guidance
This skill can control a Taobao client via an MCP server and read sensitive, authenticated data (cart, orders, browsing history). Before installing: only use it if you trust the skill source; ensure TAOBAO_MCP_URL is left at the localhost default (http://127.0.0.1:3654/mcp) and do NOT point it to remote or untrusted hosts; consider using a separate/no-payment Taobao account for testing; restrict or disable autonomous invocation if possible; review network/firewall rules so the MCP port is not exposed publicly; and monitor the Taobao account for unexpected activity. If you need stronger assurance, ask the skill author to require/confirm localhost-only MCP use and to document exactly which MCP tool calls will run for each user request.
Capability Analysis
Type: OpenClaw Skill
Name: taobao-query
Version: 1.0.0
The taobao-query skill provides an interface for an AI agent to interact with Taobao via a local Model Context Protocol (MCP) server. While the instructions in SKILL.md include safety guardrails against financial transactions, the skill grants high-risk capabilities including 'navigate_to_url', 'input_text', and 'get_browse_history', which allow for broad browser automation and access to sensitive user data. The dependency on a specific local 'Taobao Desktop Client' to host the service at http://127.0.0.1:3654/mcp is a significant external requirement that could be used as a vector for local service exploitation or social engineering, placing it in the suspicious category despite the lack of clear malicious intent.
Capability Assessment
Purpose & Capability
The name/description (Taobao product queries) align with the SKILL.md: it expects a running Taobao MCP server and exposes search, browse, cart and chat operations — these are coherent with the stated purpose. However, the skill permits broad browsing/navigation and reading of cart/order data (sensitive but plausibly needed).
Instruction Scope
The SKILL.md instructs the agent to connect to an MCP server and use operations that can read page content, browsing history, cart and order details, navigate to arbitrary URLs, and send chat messages. While payments are explicitly forbidden, the agent can still access authenticated Taobao state (orders, carts, browsing history) and open arbitrary URLs — actions that can expose private data or be abused to perform unwanted actions.
Install Mechanism
This is an instruction-only skill (no install spec or code). That lowers disk/execution risk. It does require the user to install/enable the Taobao Desktop client's MCP service — which is expected for its function.
Credentials
The skill declares no required env vars or credentials, but it instructs the user to set TAOBAO_MCP_URL and examples allow non-localhost addresses. Pointing TAOBAO_MCP_URL to a remote or attacker-controlled host would let that host receive session-level commands and access account data. Even with localhost, the MCP interface can expose authenticated account data (cart, orders, browsing history), which is sensitive and should be limited.
Persistence & Privilege
always:false (no forced install). The skill is callable autonomously by default (disable-model-invocation:false), which is platform normal. Autonomous invocation plus the ability to access account data and arbitrary MCP endpoints increases blast radius — consider restricting autonomous use if you don't trust the skill source.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install taobao-query - After installation, invoke the skill by name or use
/taobao-query - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Taobao product price query with MCP support. Features: specific model search, category analysis, cart/order viewing, smart connection handling.
Metadata
Frequently Asked Questions
What is Taobao Query?
Query Taobao product prices and information through MCP (Model Context Protocol). Use when the user asks about product prices, searches for items on Taobao,... It is an AI Agent Skill for Claude Code / OpenClaw, with 517 downloads so far.
How do I install Taobao Query?
Run "/install taobao-query" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Taobao Query free?
Yes, Taobao Query is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Taobao Query support?
Taobao Query is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Taobao Query?
It is built and maintained by EvenSix66 (@evensix66); the current version is v1.0.0.
More Skills