← 返回 Skills 市场
88
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install pdd-rebate
功能描述
返利宝统一技能。只按 3 个用户场景工作:S01 授权与教程、S02 链接返利、S03 商品搜索。用户说“返利”“教程”“详细教程”“提现教程”“提现10元”“确认提现”“我已授权”“账户余额”等走 S01;发送淘宝、京东、拼多多商品链接走 S02;表达想买什么商品时走 S03。S03 的职责是提取商品搜索信息,...
安全使用建议
This skill appears to implement the claimed rebate flows, but exercise caution before installing or authorizing it: 1) The skill directs users to a custom domain (xiaomaxiangshenghuo.io.mlj130.com) for authorization and following a public account — verify this service and its privacy policy before completing any authorization. 2) The skill requires execution of included Node scripts and will call remote APIs (search/create rebate/withdraw) and persist a local machine code/openid — do not provide sensitive credentials or payment info unless you trust the operator. 3) The SKILL.md forces returning script output verbatim (including links), so the assistant will not add safety warnings; be careful clicking links returned by the skill. If you need higher assurance, ask the publisher for a homepage, source/organization identity, or run the skill in a sandboxed environment and inspect network calls (or review common.js to see exact backend URLs) before authorizing any account bindings.
功能分析
Type: OpenClaw Skill
Name: pdd-rebate
Version: 1.0.1
The skill bundle implements a rebate assistant that uses system-level calls (spawnSync with curl) in 'scripts/common.js' to perform network requests and fetch external HTML. It collects and persists sensitive identifiers, including the OpenClaw deviceId (as a machine_code) and user openids, which are transmitted to a remote service (rebate-skill.io.mlj130.com) to facilitate product searches and financial withdrawals. While these capabilities are consistent with the stated purpose of a rebate tool, the combination of system-level execution, financial transaction handling, and strict 'Hard Constraints' in 'SKILL.md'—which forbid the AI agent from adding any context or explanations to tool outputs—presents a high-risk profile that could be used to mask unauthorized actions or exploit the underlying system if input sanitization is bypassed.
能力评估
Purpose & Capability
Skill claims to be a unified rebate assistant (PDD/淘宝/京东) and the code implements link recognition, product search, lease/apply and withdraw flows that align with that purpose. Minor mismatch: registry name emphasizes 拼多多 but code supports tb/jd/pdd — not dangerous but worth noting.
Instruction Scope
SKILL.md enforces that script stdout must be returned verbatim and forbids adding any extra explanation. Scripts produce external URLs and user-facing auth/follow links; the combination prevents the assistant from adding safety/contextual warnings or sanitizing returned text. The runtime also requires executing scripts that may call remote APIs and return HTML/links directly to the user.
Install Mechanism
Registry lists 'no install spec' (instruction-only) but the bundle contains many runnable Node scripts and build instructions in SKILL.md. That mismatch is noteworthy: the skill will execute code shipped with the package rather than being purely instruction-only; there is no package install URL but local scripts will be executed.
Credentials
No declared environment variables or secrets, which is reasonable. However the code calls external rebate backend APIs (search, create rebate link, withdraw, etc.) and uses a custom domain (xiaomaxiangshenghuo.io.mlj130.com) for auth/follow/landing pages. The skill saves a local 'machine code' and openid binding — this stores user identifiers locally and exchanges them with the remote service. Users should verify the third-party domain before authorizing.
Persistence & Privilege
always:false. The skill persists local state (machine code, openid binding, pending auth requests) for its own flows but does not request system-wide privileges or modify other skills. That persistence is expected for an auth-flowed service, but combined with the enforced verbatim-return rule it increases risk of returning unvetted links.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pdd-rebate - 安装完成后,直接呼叫该 Skill 的名称或使用
/pdd-rebate触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
**提现流程和话术升级:本版本新增提现流程路由与话术,完善对提现场景(如“提现10元”“确认提现”)的识别与处理。**
v1.0.0
拼多多返利技能 v1.0.0
- 首发版本,覆盖京东、拼多多、淘宝三大平台的返利场景。
- 支持三大核心能力:商品链接返利、商品搜索返利、返利教程与账户查询。
- 明确按 S01(授权和教程)、S02(链接返利)、S03(商品搜索)三个用户场景路由处理用户请求。
- 所有重要脚本和接口调用输出,均以 md 格式原样返回用户。
- 强制执行统一入口和严格的消息处理约束,杜绝接口输出外的自定义话术。
- 全流程支持授权、返利链接生成、商品搜索和账户余额等操作。
元数据
常见问题
拼多多返利 是什么?
返利宝统一技能。只按 3 个用户场景工作:S01 授权与教程、S02 链接返利、S03 商品搜索。用户说“返利”“教程”“详细教程”“提现教程”“提现10元”“确认提现”“我已授权”“账户余额”等走 S01;发送淘宝、京东、拼多多商品链接走 S02;表达想买什么商品时走 S03。S03 的职责是提取商品搜索信息,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 88 次。
如何安装 拼多多返利?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pdd-rebate」即可一键安装,无需额外配置。
拼多多返利 是免费的吗?
是的,拼多多返利 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
拼多多返利 支持哪些平台?
拼多多返利 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 拼多多返利?
由 wuweizhen(@skyfile)开发并维护,当前版本 v1.0.1。
推荐 Skills