← 返回 Skills 市场
🔌

唯品会商品详情

作者 vip · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
91
总下载
4
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install vip-product-detail
功能描述
唯品会(vip.com)商品详情查询技能。当用户想查看某件商品的详细信息时触发,包括但不限于:看商品详情、查规格尺码、 看商品图片、查活动优惠、看用户评价、问商品是否打折、确认库存、查品牌介绍等。 支持通过商品ID或商品链接查询,返回完整商品信息:价格、原价、折扣、优惠活动、商品图片、 买家评价、品牌信息等结构化...
安全使用建议
Before installing, consider these points: - This skill will read and use your local login state file ~/.vipshop-user-login/tokens.json, including cookies and the PASSPORT_ACCESS_TOKEN — these are authentication credentials for your VIP account. If you don't want the skill to access these credentials, do NOT install or run it. - The skill's runtime instructions require automatically installing and invoking another skill (vipshop-user-login) if it's not present. Automatic installation and automatic triggering of a login flow (displaying a QR and waiting for scan) will happen without an explicit per-install/user confirmation unless you override it — review the vipshop-user-login skill code before allowing install. - The code contains a hard-coded secret used to sign exchange-token links. Hard-coded secrets are risky; ask why the secret is required and whether it is legitimate and safe to include in the skill. - If you plan to use this skill: (1) inspect the vipshop-user-login skill implementation before allowing clawhub to install it, (2) check and back up ~/.vipshop-user-login/tokens.json and device files, (3) consider disabling automatic install/invocation in the SKILL.md or running the detail.py script manually after you confirm login, and (4) do not enable DEBUG in exchange_link_builder so tokens are not printed to stderr. - If you are unsure, treat this as sensitive: require the agent to prompt you before installing or using your login tokens, and only proceed after reviewing the login skill's source and confirming the design.
功能分析
Type: OpenClaw Skill Name: vip-product-detail Version: 1.0.1 The skill exhibits high-risk capabilities including the handling of sensitive authentication tokens from the user's home directory (~/.vipshop-user-login/tokens.json) and instructions in SKILL.md that direct the AI to automatically install other packages (clawhub install) and execute scripts from sibling directories. While these behaviors are aligned with the stated purpose of querying Vipshop product details, the use of hardcoded secrets in scripts/exchange_link_builder.py for HMAC signing and the automated installation of external skills represent a significant attack surface for prompt injection and unauthorized execution.
能力标签
requires-sensitive-credentials
能力评估
Purpose & Capability
The code and instructions align with the stated purpose: querying VIP product detail APIs requires a login token and a device id (mars_cid), and the scripts read ~/.vipshop-user-login/tokens.json and call VIP APIs. Asking for/using a local login token and generating exchange links is consistent with providing automatic logged-in product links. However, the skill also instructs automatic installation and invocation of a separate vipshop-user-login skill without explicit user consent, which is beyond a simple 'read-only product-info' helper.
Instruction Scope
SKILL.md mandates automatic detection of login state, automatic installation (clawhub install vipshop-user-login) and automatic invocation of the vipshop-user-login skill (or running ../vipshop-user-login/scripts/vip_login.py --blocking) without requiring an explicit user confirmation. It also tells the agent to read ~/.vipshop-user-login/tokens.json to obtain cookies/PASSPORT_ACCESS_TOKEN. Automatic installation and triggering of another skill plus silent access to local token files broadens scope and raises consent/privacy concerns.
Install Mechanism
There is no bundled install spec for this skill itself (files are provided). But the runtime instructions instruct the agent to execute 'clawhub install vipshop-user-login' if that login skill is missing — which will download and install external code at runtime. That external install step is a higher-risk action compared to purely local operation and should be subject to user approval and code review of the installed login skill.
Credentials
The scripts read the local file ~/.vipshop-user-login/tokens.json and extract cookies including PASSPORT_ACCESS_TOKEN (sensitive authentication credential) and use mars_cid device id. Using those credentials is proportionate to creating logged-in product links, but the skill does not declare this sensitive access in metadata and demands automatic reading/extraction. Additionally, exchange_link_builder contains a hard-coded secret key used to sign exchange links; embedding such a secret in code is unusual and should be justified or rotated. Overall, credential access is sensitive and warrants explicit disclosure and user consent.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configs, but it does persist device info under ~/.vipshop-user-login/device.json via mars_cid generator and will cause the agent to install and run another skill (vipshop-user-login) when needed. That level of persistence (creating/reading files in the user's home dir and invoking installs) is significant and should be made explicit to the user before the skill runs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install vip-product-detail
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /vip-product-detail 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- 修正技能名称描述中的拼写错误(vipshop-product-detail 一致化)。 - 文档内容无实质更动,仅对技能名称进行标准化处理。 - 功能、使用流程和输出规范未变,保持与之前版本一致。
v1.0.0
vipshop-product-detail 1.0.0 初始发布 - 新增唯品会商品详情查询技能,支持通过商品ID或链接查询商品主信息 - 需先通过 vipshop-user-login skill 扫码登录,AI 会自动检测并处理登录流程 - 严格卡片式分区输出:商品图片、标题、价格、优惠、服务、正品信息、评价、商品链接 - 自动处理登录态失效,主动触发扫码登录、无须用户重复操作 - 跳过缺失字段,避免冗余或重复内容,输出高可读性商品卡片
元数据
Slug vip-product-detail
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

唯品会商品详情 是什么?

唯品会(vip.com)商品详情查询技能。当用户想查看某件商品的详细信息时触发,包括但不限于:看商品详情、查规格尺码、 看商品图片、查活动优惠、看用户评价、问商品是否打折、确认库存、查品牌介绍等。 支持通过商品ID或商品链接查询,返回完整商品信息:价格、原价、折扣、优惠活动、商品图片、 买家评价、品牌信息等结构化... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 91 次。

如何安装 唯品会商品详情?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vip-product-detail」即可一键安装,无需额外配置。

唯品会商品详情 是免费的吗?

是的,唯品会商品详情 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

唯品会商品详情 支持哪些平台?

唯品会商品详情 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 唯品会商品详情?

由 vip(@vip)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论