← 返回 Skills 市场
98
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install taobao-advisor
功能描述
投流方案生成&全周期运营指导 - 仅生成方案/建议/报告,不执行任何投流操作,仅读 API 权限
安全使用建议
Key things to consider before installing or running:
- Provenance: verify the skill author/owner (ownerId mismatch in _meta.json vs registry) before trusting it with secrets or production use.
- Do not place any sensitive credentials in a .env file in the skill directory until you audit the code. The script calls load_dotenv() and would read any env vars present, even though current code does not use external APIs.
- The bundle is currently buggy: the main script contains syntax/argparse issues (non-ASCII/fullwidth commas and unusual option names) that will likely cause the CLI to crash; treat it as not production-ready and review/fix code before use.
- Run in a sandboxed environment (isolated VM or container) and inspect the code yourself (or have a developer review it). Check for hidden network calls or added code that could use 'requests' to exfiltrate data.
- If you intend to use Taobao API keys for optional features, only provide minimal read-only credentials, store them securely, and confirm the skill actually needs them. Prefer creating a limited test account for this skill.
- Suggested remediation before trusting: fix the CLI syntax errors, remove unnecessary dependency 'requests' if not used, add an explicit list of expected environment variables if API calls are supported, and correct the metadata/packaging inconsistencies.
Confidence is medium because the code is straightforward and presently local-only, but the provenance/packaging mismatches and the presence of dotenv + unused networking deps introduce nontrivial risk if the package is modified or the missing files are added later.
功能分析
Type: OpenClaw Skill
Name: taobao-advisor
Version: 1.0.0
The taobao-advisor skill is a legitimate tool designed to generate advertising strategy reports and operational guidance for Taobao sellers. The code in scripts/advisor_main.py strictly follows the stated purpose of generating local Excel and Markdown reports based on user-provided arguments, with no evidence of data exfiltration, unauthorized network calls, or malicious execution. While there is a minor syntax error in the main script (use of full-width Chinese commas in function calls), it appears to be an unintentional bug rather than a security risk.
能力评估
Purpose & Capability
The name/description promise a read-only plan/advice generator — the included Python script implements local report generation (Excel/MD) and does not perform write operations to external ad platforms. Dependencies (pandas, openpyxl) match that purpose. However metadata and docs mention optional Taobao API usage (read-only) but the skill does not declare or require any Taobao API environment variables; requirements include 'requests' though the current code doesn't use it. There is also an ownerId mismatch between registry metadata and _meta.json, which suggests packaging dishonesty or an incorrect import.
Instruction Scope
SKILL.md and README instruct running the included script to generate reports and explicitly state the tool will not execute ad operations. The code creates local 'reports' and 'logs' files and prints reminders to perform manual actions. There are no network calls or unexpected external endpoints in the code as provided.
Install Mechanism
No install spec; this is an instruction+code skill. Dependencies are provided in requirements.txt (standard PyPI packages). Nothing is downloaded from arbitrary URLs or executed during install.
Credentials
The script calls load_dotenv() and the README references a .env.example/.env for optional Taobao API keys, but the skill manifest lists no required env vars and the package as delivered does not include .env.example in the file manifest. That mismatch means the skill could read secrets from a .env if present (potentially API keys) even though no API usage is implemented today. The presence of 'requests' in requirements increases the potential blast radius if the code is modified later to call external APIs. Also the _meta.json ownerId differs from the registry ownerId, which raises provenance concerns.
Persistence & Privilege
always=false and user-invocable=true. The skill only writes logs and report files under its own directory (./logs, ./reports). It does not request persistent system-wide privileges or modify other skills' configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install taobao-advisor - 安装完成后,直接呼叫该 Skill 的名称或使用
/taobao-advisor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
taobao-advisor v1.0.0 initial release:
- Generates Taobao fashion marketing plans, optimization suggestions, and campaign review reports.
- Strictly read-only: does not execute, modify, or manage ad campaigns or budgets.
- Designed specifically for men’s apparel category and latest platform rules.
- All suggestions require manual review and execution.
- Outputs solutions as Excel files and guidance documents for every campaign stage.
元数据
常见问题
Taobao Advisor 是什么?
投流方案生成&全周期运营指导 - 仅生成方案/建议/报告,不执行任何投流操作,仅读 API 权限. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 98 次。
如何安装 Taobao Advisor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install taobao-advisor」即可一键安装,无需额外配置。
Taobao Advisor 是免费的吗?
是的,Taobao Advisor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Taobao Advisor 支持哪些平台?
Taobao Advisor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(win32)。
谁开发了 Taobao Advisor?
由 guowaa223(@guowaa223)开发并维护,当前版本 v1.0.0。
推荐 Skills