← 返回 Skills 市场
492
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install secure-shopper
功能描述
Asynchronous shopping research + checkout using secure-autofill (1Password-backed browser filling) with results recorded to workspace artifacts.
安全使用建议
This skill appears to do what it says (shop, use secure-autofill, save results) but has packaging and disclosure issues you should address before installing. Specifically:
- The helper scripts write artifacts to a hard-coded path (/home/miles/.openclaw/workspace/...), which reveals a user-specific path and will not work correctly for other users — ask the author to make this path configurable or relative to the current agent/workspace.
- The SKILL.md depends on a separate secure-autofill skill and mentions gateway environment variables (and a non-headless Chrome) but the manifest declares no required env vars or config paths; confirm what secrets or environment variables secure-autofill actually needs and whether those will be present and limited in scope.
- The skill uses vault_suggest/vault_fill to access credentials via secure-autofill. Verify you trust the secure-autofill implementation and understand which credentials it will expose and under what conditions (ensure explicit user confirmation before any checkout or purchase action).
- Because the skill spawns sub-agents that browse and can log in, test it in a safe/isolated environment (or with test accounts) first to confirm it respects the stated 'accept/deny' gate and doesn't place orders autonomously.
If you plan to use it: require the author to (1) remove hard-coded paths or make them configurable, (2) declare required env vars/config paths in the skill manifest, (3) document exactly what secure-autofill vault operations occur, and (4) provide a reproducible way to run onboarding that does not assume a specific home directory. If those changes are not made, treat installation as higher risk.
功能分析
Type: OpenClaw Skill
Name: secure-shopper
Version: 0.1.0
The skill bundle is designed for asynchronous shopping and checkout, leveraging a 'secure-autofill' skill for sensitive operations. The `SKILL.md` provides clear instructions for the AI agent, including explicit guardrails such as 'Never paste secrets' and mandatory user confirmation for checkout, mitigating prompt injection risks. The JavaScript utilities (`onboard.mjs`, `task_io.mjs`) perform file I/O strictly within the skill's configuration directory and a designated workspace artifact directory (`/home/miles/.openclaw/workspace/artifacts/secure_shopping/`), using `path.join` to prevent path traversal. There is no evidence of intentional malicious behavior, data exfiltration, unauthorized execution, or persistence mechanisms.
能力评估
Purpose & Capability
The skill's name/description (shopping + 1Password-backed autofill) align with its instructions and helper scripts that browse sites, use vault_suggest/vault_fill, and record candidates. However, the packaging omits explicit declarations for the secure-autofill prerequisites (gateway env vars, non-headless Chrome) and the scripts write to a hard-coded path (/home/miles/.openclaw/workspace/...) which does not match the skill metadata (requires no config paths). The hard-coded home directory is disproportionate to a portable skill and may not be appropriate for other users or environments.
Instruction Scope
Runtime instructions direct the agent to spawn sub-agents, run browser snapshots, and call external helper tools (vault_suggest/vault_fill) to fill credentials. The SKILL.md also mandates writing task artifacts to a specific filesystem location. The instructions assume the presence of secure-autofill and gateway env vars that are not declared in the skill manifest. While the skill claims a hard gate (require user accept/deny before checkout), the capability to log in and initiate checkout via secure-autofill means sensitive credentials and shopping actions could be used — the instructions should explicitly enumerate what secrets and confirmations are required.
Install Mechanism
There is no install spec (instruction-only with small helper scripts). This is low-risk from an installer perspective because no remote downloads or archive extraction occur.
Credentials
The manifest lists no required env vars or config paths, but the SKILL.md explicitly depends on the secure-autofill skill which itself requires gateway env vars and a working non-headless Chrome. The discrepancy (no declared credentials yet runtime use of vault_fill) is a proportionality mismatch: the skill enables use of secrets (via another skill) without declaring them or documenting the required scope. The hard-coded workspace path embeds a specific user identity (miles), which is not justified by the stated purpose and reduces portability/privacy.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The skill writes artifacts to disk under its artifact directory (but with a hard-coded absolute path). It does not request system-wide configuration changes or alter other skills. Spawning sub-agents is part of its advertised behavior; combined with the vault-based autofill capability this increases the blast radius if sub-agents are allowed to act without strict user confirmation, though the SKILL.md states a hard accept/deny gate before checkout.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install secure-shopper - 安装完成后,直接呼叫该 Skill 的名称或使用
/secure-shopper触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial public release
元数据
常见问题
Secure Shopper 是什么?
Asynchronous shopping research + checkout using secure-autofill (1Password-backed browser filling) with results recorded to workspace artifacts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 492 次。
如何安装 Secure Shopper?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install secure-shopper」即可一键安装,无需额外配置。
Secure Shopper 是免费的吗?
是的,Secure Shopper 完全免费(开源免费),可自由下载、安装和使用。
Secure Shopper 支持哪些平台?
Secure Shopper 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Secure Shopper?
由 Zhihao(@moodykong)开发并维护,当前版本 v0.1.0。
推荐 Skills