← 返回 Skills 市场
jasonahorn

Kroger Api.Skill

作者 jasonahorn · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
639
总下载
1
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install kroger-api-skill
功能描述
Search Kroger/QFC products, manage cart, check pickup availability, and create pickup orders using the official Kroger API.
使用说明 (SKILL.md)

Kroger/QFC API Skill

Overview

Skill for searching Kroger/QFC products, managing cart, checking pickup availability, and creating pickup orders. Uses official Kroger API. QFC chain ID: 213.

Setup

  1. Sign up at developer.kroger.com, create app.
  2. Add redirect URI e.g. http://localhost
  3. Scopes: product.compact locations.read fulfillment.readwrite orders.pickup.create
  4. Edit state.json: add client_id, client_secret, chain_id: "213"
  5. OAuth:
    • python3 scripts/client.py --state state.json oauth-url
    • Visit URL, login, authorize.
    • Copy code from redirect (e.g. http://localhost?code=ABC123)
    • python3 scripts/client.py --state state.json oauth-exchange ABC123

Usage (via exec)

Run from workspace root:

Search products

python3 kroger-api.skill/scripts/client.py search \"milk\" --chain-id 213 --limit 5

Output: JSON products with id (UPC), attributes.description, attributes.brand etc.

Find locations

python3 kroger-api.skill/scripts/client.py locations 98101 --chain-id 213

Output: locations with id, attributes.address.addressLine1 etc.

Cart (local)

python3 kroger-api.skill/scripts/client.py cart-add 0001111101001 2  # UPC qty
python3 kroger-api.skill/scripts/client.py cart-get
python3 kroger-api.skill/scripts/client.py cart-clear

Check availability

python3 kroger-api.skill/scripts/client.py availability LOC123 --items '[{"upc":"UPC","quantity":1}]'

Create order

python3 kroger-api.skill/scripts/client.py order-create LOC123 \"2026-02-14T10:00:00Z\" --items '[{"upc":"UPC","quantity":1}]'

Grocery list integration

Create grocery-list.txt:

milk
bread
eggs

python3 kroger-api.skill/scripts/client.py grocery --zip 98101

Lists items & locations. Agent: for each item search, pick UPC (e.g. first result), add_to_cart, then availability, order.

Agent Workflow Example

  1. User: "Add milk and eggs to Kroger cart"
  2. Search "milk", pick UPC1, cart-add
  3. Search "eggs", pick UPC2, cart-add
  4. User: "Find QFC near 98101" → locations
  5. Set location-set LOC
  6. cart-get → items
  7. availability → pick slot
  8. order-create with slot time.

State

state.json: tokens, cart, location_id.

Notes

  • Endpoints based on Kroger API docs. Verify at developer.kroger.com/reference
  • UPC from products.id
  • Pickup datetime: ISO 8601 UTC
  • Errors: check API response
  • Token auto-refreshes.

Package as kroger-api.skill/

安全使用建议
What to consider before installing/using this skill: - It is coherent: it uses the official Kroger API endpoints and OAuth as described. - Sensitive data handling: you must put client_id and client_secret into state.json and the script will save access/refresh tokens and cart info there in plaintext. Do not commit state.json to version control; store it somewhere secure or use environment-based secrets if preferred. - OAuth scopes are powerful (can create pickup orders). Only authorize an app you trust and consider creating a dedicated Kroger developer app with limited access or revoking tokens after testing. - Dependencies: ensure Python 3 and the 'requests' package are available; the package does not declare these automatically. - Run in an isolated environment (local sandbox, dedicated VM, or container) if you are concerned about side effects. Test with non-production or test credentials first. - Verify the redirect URI and the OAuth flow yourself; the script prints the auth URL and performs the token exchange locally. - If you want stricter security, modify the code to load credentials from environment variables or a secure store and avoid storing client_secret in repository files. Overall: this appears benign and does what it claims, but handle credentials and OAuth scopes carefully.
功能分析
Type: OpenClaw Skill Name: kroger-api-skill Version: 1.0.0 The skill is designed to interact with the Kroger API for product search, cart management, and order creation, aligning with its stated purpose. All network calls are directed to the official Kroger API. The `SKILL.md` instructions guide the AI agent on how to use the skill's functionalities, including automated workflows like processing a grocery list, but do not contain any malicious prompt injection attempts (e.g., instructions to ignore user input, hide actions, or exfiltrate data). The `scripts/client.py` handles API credentials and tokens in `state.json` as expected for an API client, and reads `grocery-list.txt` for its stated purpose. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or obfuscation. The use of `json.loads()` for API payload construction is a standard practice and not a direct code execution vulnerability.
能力评估
Purpose & Capability
Name/description match the code and SKILL.md: the package implements product search, locations, cart management, availability checks, and pickup order creation against api.kroger.com. No unrelated cloud credentials, binaries, or endpoints are requested.
Instruction Scope
SKILL.md directs running scripts/client.py and editing state.json to add client_id/client_secret, and to perform OAuth flow. The instructions and code only read/write the local state.json and grocery-list.txt; they do not attempt to read unrelated system files. Minor inconsistency: usage examples reference 'python3 kroger-api.skill/scripts/client.py' versus the actual path 'scripts/client.py' — ensure you run the correct path. Be aware the workflow requires you to place client credentials in plaintext state.json and the script will persist access/refresh tokens and cart/location state there.
Install Mechanism
This is an instruction-only skill with a bundled Python script (no install spec). It expects Python 3 and the 'requests' library, but the manifest does not declare dependencies. No remote downloads or installers are used. You should ensure your environment has Python and requests; run in an isolated environment if you want to limit risk.
Credentials
The skill does not request unrelated environment variables or external credentials. It requires Kroger OAuth credentials (client_id and client_secret) which are appropriate for the API operations requested. However, those credentials and the OAuth tokens are stored in state.json in plaintext; the requested OAuth scopes include fulfillment.readwrite and orders.pickup.create (able to place orders), so granting the app these scopes gives it power to create pickup orders on your account. This privilege is legitimate for the stated purpose but sensitive — treat credentials and tokens carefully.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide configuration. It writes only to its own state.json (saving tokens, cart, location) which is normal for client tooling. Autonomous invocation is allowed (platform default) — note that autonomous execution + order-creating scopes increases potential impact, but this skill does not combine that with forced always-on presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install kroger-api-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /kroger-api-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the Kroger/QFC API Skill. - Provides search for Kroger/QFC products, store locations, and item availability using the official Kroger API. - Supports cart management: add, view, and clear items locally. - Enables pickup order creation and slot selection. - Integrates with grocery lists for streamlined item handling. - Includes detailed setup and usage instructions for authentication and API usage. - Requires API credentials and OAuth setup via developer.kroger.com.
元数据
Slug kroger-api-skill
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Kroger Api.Skill 是什么?

Search Kroger/QFC products, manage cart, check pickup availability, and create pickup orders using the official Kroger API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 639 次。

如何安装 Kroger Api.Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install kroger-api-skill」即可一键安装,无需额外配置。

Kroger Api.Skill 是免费的吗?

是的,Kroger Api.Skill 完全免费(开源免费),可自由下载、安装和使用。

Kroger Api.Skill 支持哪些平台?

Kroger Api.Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Kroger Api.Skill?

由 jasonahorn(@jasonahorn)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论