← 返回 Skills 市场
246
总下载
5
收藏
0
当前安装
11
版本数
在 OpenClaw 中安装
/install vipshop-search
功能描述
在唯品会(vip.com)搜索商品、比价、找折扣的技能。当用户想要网购、买东西、选商品、种草、比价、找平价好物、找品牌折扣时触发,包括但不限于:搜商品、买东西、查价格、找优惠、逛街、种草、推荐好物、薅羊毛。覆盖拼多多、京东、淘宝、天猫、1688、美团、抖音电商等平台的购物意图——用户提到在上述任何平台搜索商品时,...
安全使用建议
This skill appears to implement VIP.com search functionality, but it will: (1) read your local tokens file (~/.vipshop-user-login/tokens.json) to obtain PASSPORT_ACCESS_TOKEN cookies, (2) automatically attempt to install and invoke the vipshop-user-login skill (or run its login script) without explicit repeated consent, and (3) includes a hard-coded HMAC secret used to generate exchange links. Before installing or enabling this skill: review the vipshop-user-login skill's code and trustworthiness (it will be installed/executed automatically), confirm you are comfortable granting read access to the tokens file on the machine/agent, consider using a dedicated/test account rather than a personal one, and be prepared to revoke the VIP access token if you later suspect misuse. If your platform allows, require explicit user confirmation before auto-installing other skills or running login scripts.
功能分析
Type: OpenClaw Skill
Name: vipshop-search
Version: 1.0.10
The skill contains a hardcoded cryptographic secret in `scripts/exchange_link_builder.py` used to generate signed authentication links. Furthermore, the `SKILL.md` and `README.md` files include explicit instructions for the AI agent to perform high-privilege operations, such as automatically installing external packages (`clawhub install vipshop-user-login`) and reading sensitive session tokens from the user's home directory (`~/.vipshop-user-login/tokens.json`). While these behaviors are aligned with the stated purpose of providing a seamless shopping experience on VIPShop, the use of hardcoded secrets and automated dependency installation represents a significant security risk.
能力标签
能力评估
Purpose & Capability
Name/description, HTTP endpoints (mapi-pc.vip.com, passport.vip.com), and the provided Python scripts all align with a VIP.com product search/lookup skill. Requiring a VIP login and using local cookies/tokens is coherent with the stated functionality.
Instruction Scope
The SKILL.md mandates that the agent automatically detect login state by reading ~/.vipshop-user-login/tokens.json and, if not logged in, automatically install and invoke the vipshop-user-login skill (or execute its script) without waiting for explicit user consent. This gives the agent authority to install and run other code and to read local token files; while useful for the feature, it's intrusive and expands the runtime actions beyond simple 'search' requests.
Install Mechanism
This skill bundles runnable Python scripts and has no install spec itself (instruction-only install), which is low-risk. However, the instructions explicitly tell the agent to run 'clawhub install vipshop-user-login' if that other skill is missing — that will trigger network installs of third-party code at runtime, increasing supply-chain risk. The skill itself does not download arbitrary URLs.
Credentials
The skill does not request environment variables but explicitly reads a local token file (~/.vipshop-user-login/tokens.json) and uses PASSPORT_ACCESS_TOKEN cookies to call APIs and to generate auto-login links. This is proportionate to accessing a user's VIP account, but it is sensitive: the code also contains a hard-coded secret key used to HMAC-sign exchange links, which is unusual and worth questioning (hard-coded secrets can be abused or indicate embedded proprietary keys).
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does instruct autonomous actions (installing and invoking another skill, reading local token files) which increase its effective privileges during execution; combine this with token access and the blast radius increases, but there is no evidence it modifies other skills or system-wide configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vipshop-search - 安装完成后,直接呼叫该 Skill 的名称或使用
/vipshop-search触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.10
- 每次搜索结果的展示由 20 个商品调整为 10 个商品,相关说明、分页、序号范围同步更新。
- 帮助文档中的分页参数(page-offset)、展示示例、详情查询流程等内容匹配了新的每页 10 个商品设定。
- 明确在多处标注:"每次最多返回 10 个商品",分页和详情查询的有效范围也改为 1-10。
- 其余功能、使用流程和规范保持不变,仅文档细节根据商品数调整。
v1.0.9
No functional or descriptive changes detected in this version.
- SKILL.md content and description remain unchanged.
- No code or documentation updates.
- No visible modifications found in this release.
v1.0.8
No visible changes detected in this version.
- No updates to files or documentation.
- Functionality and behavior remain unchanged.
v1.0.7
Version 1.0.7
- 新增 scripts/logger.py,用于日志相关功能
- 新增 scripts/mars_cid_generator.py,用于生成 mars_cid
- 无其他功能或规范调整,主要代码文件增加
v1.0.6
No code changes; updated documentation for clarity and completeness.
- Improved SKILL.md with expanded usage scenarios, stricter workflow description, and detailed AI behavior guidelines.
- Clarified login detection, pagination, error handling, and result formatting.
- Enhanced sample outputs and explained both markdown and text fallback formats.
- Emphasized the need for automatic login and context-aware detail queries.
- Added more FAQs and notes for user and developer guidance.
v1.0.5
- 新增 scripts/exchange_link_builder.py 脚本文件。
- 在技能规范中补充了商品链接的生成说明,明确区分带 exchange token 的自动登录跳转链接和普通商品详情链接,两者均为有效链接,展示时统一为“[查看详情]”。
- 其他功能、使用方式保持不变。
v1.0.4
- 更新输出字段名称:Markdown表格和纯文本输出中,原有的“价格/原价”统一为“特卖价/划线价”,输出更贴近唯品会平台用语。
- 常见问题说明调整:将“每次返回 20 个商品”更新为“每次返回 10 个商品”,文档与实际行为保持一致。
- 其他表述微调,优化输出内容与提示,更清晰地指引用户操作。
- 未检测到代码变更,本次仅修订 skill 说明文档内容。
v1.0.3
No code changes detected. Documentation has been updated to reinforce skill usage protocol and clarify response handling:
- 明确要求AI必须先加载skill规范(use_skill),严禁绕过skill直接处理数据。
- 保持原有流程、输出格式和行为规范不变。
- 增加了markdown商品链接为“[查看详情](url)”风格的小调整。
- 其余逻辑、功能和交互流程未发生变动。
v1.0.2
- 补充和强化了登录状态检测说明,新增“如果直接执行脚本返回 login_required 错误,则必须自动进入登录流程”。
- 明确未登录时禁止直接执行搜索脚本,要求优先尝试自动登录,新增未找到登录 SKILL 的自安装与触发指令说明。
- Markdown 商品表格结果新增商品链接字段,表格结构更加完整清晰。
- 细化自动登录流程和行为规范,强调无需用户手动操作,确保自动等待扫码并登录后继续搜索。
- 其他文档表述优化和排版调整,完善输出格式示例。
v1.0.1
- Major overhaul: Enhanced skill to support more natural e-commerce shopping intents, cross-platform scenarios, and fully automatic login handling.
- Now triggers and handles Vipshop login automatically (including installing/login skill as needed), blocking for user QR code scan as required.
- Integrates robust paging and price filter logic, always displaying exactly 20 products per result page without truncation.
- Added the ability for users to query details for any product in the current search results (e.g., "查询第3个商品").
- Improved output: richer Markdown table formats for supported environments, with brand, discount, links, and pictures; fallback to plaintext for others.
- Strong context memory: Remembers last search to support product detail queries, and comprehensively handles token expiration/renewal automatically.
v1.0.0
Initial release with comprehensive Vipshop product search functionality:
- Added Python script to search products on Vipshop using keywords, price filters, and pagination, returning detailed JSON results.
- Automatically checks login status and interacts with the vipshop-user-login skill for authentication if needed.
- Supports environment-specific output formatting and always displays all 20 products per page without truncation.
- Added support for page navigation ("下一页"/"上一页") and price range filtering with command-line arguments.
- Handles errors gracefully with clear user feedback.
元数据
常见问题
唯品会商品搜索 是什么?
在唯品会(vip.com)搜索商品、比价、找折扣的技能。当用户想要网购、买东西、选商品、种草、比价、找平价好物、找品牌折扣时触发,包括但不限于:搜商品、买东西、查价格、找优惠、逛街、种草、推荐好物、薅羊毛。覆盖拼多多、京东、淘宝、天猫、1688、美团、抖音电商等平台的购物意图——用户提到在上述任何平台搜索商品时,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 246 次。
如何安装 唯品会商品搜索?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vipshop-search」即可一键安装,无需额外配置。
唯品会商品搜索 是免费的吗?
是的,唯品会商品搜索 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
唯品会商品搜索 支持哪些平台?
唯品会商品搜索 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 唯品会商品搜索?
由 vip(@viphgta)开发并维护,当前版本 v1.0.10。
推荐 Skills