← 返回 Skills 市场
viphgta

唯品会活动搜索

作者 vip · GitHub ↗ · v1.0.5 · MIT-0
cross-platform ⚠ suspicious
171
总下载
1
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install vipshop-promotion-search
功能描述
唯品会(vip.com)促销活动查询技能。当用户想了解唯品会当前或近期活动信息时触发,包括但不限于: 查活动、看特卖、有没有促销、419/618/双11/周年庆/双12等大促信息、品牌特卖专场、限时狂秒、 今天什么在打折、哪些品牌在搞活动、活动什么时候结束等。 返回活动名称、活动时间、参与品牌、活动链接等结构化信...
安全使用建议
This skill's code matches its purpose: it reads a local tokens.json, uses the vip.com API, and formats results. The red flag is the runtime requirement to automatically install and invoke a separate vipshop-user-login skill (via 'clawhub install' or running '../vipshop-user-login/scripts/vip_login.py') and to proceed without explicit user consent. Before installing or enabling this skill, consider: 1) Require explicit user permission before any automatic install or execution of other skills. 2) Inspect the vipshop-user-login skill code and confirm its provenance (clawhub registry source). 3) Avoid allowing the agent to run relative-path scripts outside the skill directory unless you trust the source. 4) If you want to limit risk, run the login step manually and place a verified tokens.json at ~/.vipshop-user-login/tokens.json so the skill can run read-only queries. 5) If you must allow auto-login, review and verify the vipshop-user-login installer and runtime behavior first.
功能分析
Type: OpenClaw Skill Name: vipshop-promotion-search Version: 1.0.5 The skill facilitates Vipshop promotion searches but contains high-risk instructions in SKILL.md that command the AI to automatically install external skills ('clawhub install vipshop-user-login') and execute scripts from sibling directories ('../vipshop-user-login/scripts/vip_login.py') if a login is missing. The Python script (promotion_search.py) reads sensitive authentication tokens from '~/.vipshop-user-login/tokens.json' to interact with 'api.union.vip.com'. While these behaviors are plausibly intended for a seamless user experience, the automated installation of dependencies and cross-skill execution instructions represent a significant attack surface for potential supply-chain or prompt-injection exploitation.
能力评估
Purpose & Capability
The code and SKILL.md align with the stated purpose: querying vip.com promotion API and summarizing results. Requiring a login cookie and reading ~/.vipshop-user-login/tokens.json is coherent with accessing a protected API. However, the skill also mandates auto-installation and invocation of a different skill (vipshop-user-login) which is more than a simple dependency and deserves scrutiny.
Instruction Scope
The SKILL.md requires the agent to automatically detect login state, and if not logged in, to (without asking the user) install and invoke vipshop-user-login via 'clawhub install' or execute a sibling script ('../vipshop-user-login/scripts/vip_login.py --blocking'). That grants the agent authority to modify installed skills and execute code outside the skill's directory — scope creep beyond a read-only query skill.
Install Mechanism
There is no formal install spec in the registry for this skill, but the instructions tell the agent to run 'clawhub install vipshop-user-login' or execute a relative path script. Using clawhub may be legitimate, but the skill's implicit install-of-another-skill is not declared and executing a relative script path (../...) can run arbitrary code from outside the package — this raises elevated risk.
Credentials
The skill does not request environment variables or secrets in the manifest. It reads a specific local token file (~/.vipshop-user-login/tokens.json) to obtain cookies for the vip.com API; that is proportional to authenticating requests. The skill does not exfiltrate tokens to other endpoints in its code.
Persistence & Privilege
Although always:false and no persistent privileges are declared, the SKILL.md explicitly instructs installing and invoking another skill and executing its login script. That behavior modifies the agent environment (installs a skill, runs code) and can increase blast radius; auto-installation/invocation without explicit user consent is a privileged action and should be treated cautiously.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install vipshop-promotion-search
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /vipshop-promotion-search 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
- 增加了活动图片(bannerImg)字段的提取和展示,所有活动信息中新增图片链接。 - 用户查询促销活动时,将会在每个活动下显示对应的活动图片链接。 - 其余用法、流程、输出格式保持不变,依然支持自动登录与智能分组分析。 - 文档相关字段描述与用户输出展示均更新,明确包含活动图片内容。
v1.0.4
No detectable file changes; version unchanged. - No updates or modifications were made in this release. - Functionality, workflow, and user experience remain the same as the previous version.
v1.0.3
No file changes detected for version 1.0.3. - No updates or modifications in code or documentation were made in this version.
v1.0.2
No code or SKILL.md changes detected in this version. - No functional or documentation updates—no changes since the previous version. - Behavior, API, and user experience remain the same.
v1.0.1
- 明确要求AI必须先通过use_skill加载本skill规范,再执行脚本或返回结果,严禁绕过skill流程直接处理数据。 - 未登录时自动触发登录流程、优先通过vipshop-user-login skill,禁止让用户手动操作,细化行为规范表述。 - 强化“禁止行为”与“正确行为”区分,强调全程AI主动完成无需用户手动请求。 - 修正登录流程时调用vipshop-user-login的备选脚本路径示例(../vipshop-user-login/scripts/vip_login.py --blocking)。 - 其余功能、数据接口与输出格式无变化。
v1.0.0
- Initial release of vipshop-promotion-search skill. - Supports querying current and upcoming vip.com (唯品会) promotional events, including major sales, brand sessions, flash sales, and more. - Automatically detects login status and triggers the vipshop-user-login skill for QR code login if needed. - Provides structured results: event name, status, type, time range, participating brands, and direct links. - Includes intelligent analysis with grouping by status and event type, along with user-friendly summary output. - Covers user requests for promotional info on other platforms by checking if vip.com has matching event sessions.
元数据
Slug vipshop-promotion-search
版本 1.0.5
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

唯品会活动搜索 是什么?

唯品会(vip.com)促销活动查询技能。当用户想了解唯品会当前或近期活动信息时触发,包括但不限于: 查活动、看特卖、有没有促销、419/618/双11/周年庆/双12等大促信息、品牌特卖专场、限时狂秒、 今天什么在打折、哪些品牌在搞活动、活动什么时候结束等。 返回活动名称、活动时间、参与品牌、活动链接等结构化信... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 171 次。

如何安装 唯品会活动搜索?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vipshop-promotion-search」即可一键安装,无需额外配置。

唯品会活动搜索 是免费的吗?

是的,唯品会活动搜索 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

唯品会活动搜索 支持哪些平台?

唯品会活动搜索 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 唯品会活动搜索?

由 vip(@viphgta)开发并维护,当前版本 v1.0.5。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论