← 返回 Skills 市场
haresh-sai06

Haresh Product Search

作者 Haresh Sainaath S · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
425
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install haresh-product-search
功能描述
Search e-commerce products via n8n webhook integration
使用说明 (SKILL.md)

Product Search Skill

Purpose

Enables users to search for products in the e-commerce catalog using natural language queries.

When to Use

  • User asks to find products, search inventory, or browse catalog
  • User mentions specific product types, categories, or brands
  • User provides price constraints or filtering requirements

Workflow

  1. Parse user intent to extract search parameters:

    • Product category (e.g., "running shoes", "laptops")
    • Price constraints (e.g., "under $100", "between $50-$200")
    • Sort preferences (e.g., "cheapest first", "highest rated")

  2. Transform parameters into JSON payload with category, price_min, price_max, sort_by

  3. Use exec tool to POST to n8n webhook at http://localhost:5678/webhook/product-search

  4. Parse n8n response and present results to user in friendly format

Parameter Mapping

  • Category synonyms: "gym shoes" becomes "fitness", "sneakers" becomes "footwear"
  • Price parsing: "under X" sets price_max to X
  • Sort options: "cheapest" sorts price ascending, "best" sorts by rating

Error Handling

  • If no results: Suggest broader search terms
  • If webhook fails: Inform user search service is unavailable
  • If timeout: Ask if user wants to wait or retry\r
安全使用建议
This skill is internally inconsistent and should not be used until corrected. Key things to check or require from the author before installing: - Provide a configurable webhook URL (e.g., N8N_WEBHOOK_URL) declared in requires.env instead of a hard-coded placeholder. - Resolve the mismatch between SKILL.md (which instructs an exec POST to localhost) and index.js (which does a fetch to an external placeholder). Confirm whether the webhook target is meant to be localhost or an external n8n instance. - If the webhook will be an external endpoint, verify the endpoint is trusted and requires authentication; do not allow the skill to post arbitrary user data to an untrusted third party. - Prefer returning the tool behavior in code and keep SKILL.md instructions aligned and specific (avoid open-ended exec guidance that could run arbitrary shell commands). - Ask the author for a new release with proper configuration, documented auth requirements (if any), and matching docs/code before enabling the skill. If you must test, run it in an isolated environment with network egress controls so you can observe and restrict where it posts.
功能分析
Type: OpenClaw Skill Name: haresh-product-search Version: 1.0.2 The SKILL.md file instructs the AI agent to use an 'exec' tool to make a POST request to 'http://localhost:5678/webhook/product-search'. This explicit instruction to interact with a local address via an 'exec' tool represents a potential Server-Side Request Forgery (SSRF) or local service interaction vulnerability. While the intent might be to connect to a legitimate local n8n instance, this capability, if the agent's execution environment is not properly sandboxed, could be exploited to access or manipulate other services on the host. The index.js file contains a placeholder URL, which is not directly malicious but highlights the skill's incomplete configuration.
能力评估
Purpose & Capability
The skill claims to integrate with an n8n webhook (reasonable for a product-search skill). However, there is no declared or required webhook URL or configuration. The code hard-codes a placeholder URL (https://your-n8n-webhook-url) instead of reading a configurable environment variable, so the skill as packaged cannot reliably reach the intended service. That omission is disproportionate to the stated purpose and suggests incomplete/incorrect packaging.
Instruction Scope
SKILL.md tells the agent to use an exec tool to POST to http://localhost:5678/webhook/product-search, while the actual runtime code (index.js) performs a fetch to a different placeholder URL (https://your-n8n-webhook-url). This conflict is material: following SKILL.md would try to contact localhost, while invoking the provided tool runs code that contacts an external URL. The instructions do not request reading unrelated files or secrets, but the mismatch creates ambiguity about outbound network targets (local vs external), which is a security-relevant inconsistency.
Install Mechanism
No install spec is provided (instruction-only with a small code file). That minimizes disk-install risk — nothing is downloaded from remote installers during installation.
Credentials
The skill declares no required environment variables or credentials, but its code needs a webhook URL to function and instead contains a hard-coded placeholder. A properly designed webhook integration would require a configurable URL (and possibly an API key) declared in requires.env. The lack of declared configuration means either the package is incomplete or it expects a developer to edit the code, both of which are problematic from a security/operational standpoint.
Persistence & Privilege
The skill does not request persistent/all-skill privileges (always:false) and does not modify other skills. Normal autonomous invocation is allowed by default but is not combined with other red flags here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install haresh-product-search
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /haresh-product-search 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Initial implementation of haresh-product-search skill. - Enables natural language product searches via n8n webhook integration. - Added support for parsing product categories, price constraints, and sorting preferences. - Returns user-friendly results or appropriate error messages if search fails or yields no results.
v1.0.1
- Added a _meta.json metadata file for improved skill management and compatibility. - No changes to existing skill functionality or documentation.
v1.0.0
Initial release of haresh-product-search skill - Enables users to search e-commerce products using natural language queries. - Supports product category, price constraints, and sorting preferences. - Integrates with an n8n webhook for backend search processing. - Handles errors gracefully with user-friendly messaging.
元数据
Slug haresh-product-search
版本 1.0.2
许可证
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Haresh Product Search 是什么?

Search e-commerce products via n8n webhook integration. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 425 次。

如何安装 Haresh Product Search?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install haresh-product-search」即可一键安装,无需额外配置。

Haresh Product Search 是免费的吗?

是的,Haresh Product Search 完全免费(开源免费),可自由下载、安装和使用。

Haresh Product Search 支持哪些平台?

Haresh Product Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Haresh Product Search?

由 Haresh Sainaath S(@haresh-sai06)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论