Zepto
Author: bewithgaurav · v1.0.6
1607 total downloads · 2 favorites · 1 current install · 7 versions
Install in OpenClaw
/install zepto
Description
Order groceries from Zepto in seconds. Just say what you need, get a payment link on WhatsApp, pay on your phone, done. Remembers your usual items. Works across India where Zepto delivers.
Security usage recommendations
What to check before installing/using this skill:
1) WhatsApp sending: verify how payment links are sent. The SKILL.md claims WhatsApp will receive the link, but the repo lacks explicit WhatsApp-sending code — confirm your platform-level WhatsApp channel is configured and that the skill will not ask you to paste credentials or send messages via an untrusted third party.
2) Review scraping behavior: the skill visits your Zepto account order pages and scrapes DOM text. Inspect zepto-parser.js and the scraping steps to ensure only item names and counts are saved. If you have sensitive address or order metadata in those pages, test scraping in a disposable account or profile first.
3) Check local storage: order-history.json is written to your skill directory (~/.openclaw/skills/zepto/). Inspect the file after running and delete it if you don't want a local shopping history. Make sure it doesn't accidentally include addresses/phone numbers.
4) Limit autonomous actions: if you are uncomfortable with the skill acting without an explicit prompt, disable autonomous invocation for this skill in your agent settings (or run it only on-demand). The code contains an agent component capable of performing browser actions.
5) Test in a safe environment: run initial tests with a throwaway Zepto account or in a separate browser profile to observe behavior, and watch for unexpected network activity or captured data.
6) Code review: if you will rely on this skill, have someone with Node/browser-automation familiarity quickly review zepto-agent.js, zepto-ops.js, and zepto-parser.js to validate that only the intended fields are captured and that no hidden network endpoints or credentials are used.
If you can't verify the WhatsApp flow or are unable to confirm the scraper only captures item names, treat the skill with caution.
Functional analysis
Type: OpenClaw Skill
Name: zepto
Version: 1.0.6
The OpenClaw skill bundle is classified as benign. Its primary function is to automate grocery ordering on Zepto.com using browser automation, which is a powerful but necessary capability for its stated purpose. The skill is transparent about its actions, explicitly disclaims malicious behaviors (e.g., no automatic payments, no external data transmission beyond Zepto.com and WhatsApp, no credential storage, no persistent background jobs), and the code aligns with these statements. Instructions in `SKILL.md` guide the AI agent to follow safe operational procedures, such as always confirming the address and checking the cart, rather than attempting prompt injection for malicious ends. Local file storage for `order-history.json` is disclosed and used for a legitimate 'usuals' feature. While browser JavaScript execution (`browser act request='{"fn":"..."}'`) is a high-risk capability, the provided JavaScript is confined to Zepto.com DOM manipulation for the skill's intended functionality.
Capability assessment
Purpose & Capability
The skill name/description (Zepto grocery ordering) matches the code and SKILL.md: it automates Zepto via the OpenClaw browser tool and stores a local order history. It requests only browser.enabled (expected). However, SKILL.md/README claim it will "send payment links via WhatsApp" but the included codebase does not contain an explicit WhatsApp API integration or code that clearly constructs/sends WhatsApp messages; the README relies on a pre-configured WhatsApp channel at the platform level. This is plausible but not implemented in the repo — an implementation gap the user should verify.
Instruction Scope
The runtime instructions and code perform DOM scraping of the user's Zepto account pages (visiting delivered order URLs and extracting lines of text) and then write aggregated data to a local file ({SKILL_DIR}/order-history.json). While extracting item names is the stated purpose, the scraper visits full order pages and could inadvertently capture additional personal data (addresses, order metadata) unless the extraction is strictly filtered. The SKILL.md/SECURITY.md assert only item names are stored, but that guarantee depends on the scraper's correctness — the scraping instructions are broad and could capture more than claimed.
Install Mechanism
There is no install spec (instruction-only install) — the code runs using Node.js and the OpenClaw browser tool already present. No remote downloads or external install URLs are present. That lowers surface risk; however the package contains executable agent code (zepto-agent.js, zepto-ops.js) which will be run locally and can control the browser and write files.
Credentials
The skill requests no environment secrets and only needs browser.enabled, which is appropriate for a browser automation skill. However, browser control is a high-scope permission: any skill with browser access can interact with arbitrary sites the logged-in user has sessions for (cookies, other services). The declared lack of credential access (no OTP storage, no payment storage) is reasonable, but you must trust that the skill's scraping and parsing logic won't capture or persist extra sensitive info from pages.
Persistence & Privilege
The skill is not marked always:true and does not request background cron jobs; the PUBLISH_CHECKLIST and SECURITY.md assert no persistent background jobs. However, the repo includes an autonomous executor (zepto-agent.js described as "Autonomous Task Executor") and the platform default allows model invocation. That means the skill, if the model or agent is permitted, could run these browser actions autonomously. This is expected for skills but increases blast radius; if you don't want autonomous browser actions, consider disabling model invocation for this skill.
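How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install zepto
- Once installation completes, call the skill by name or trigger it with /zepto
- Provide the required inputs according to the skill's parameter description to get structured output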
Version history
v1.0.6
Added programmatic address selection with fuzzy matching. Use 'node zepto-agent.js select-address <name>' to switch addresses easily.
v1.0.5
Improved: Much better description with real examples. Clear, concise, user-friendly. Shows actual usage and highlights 30-second ordering flow.
v1.0.4
Security: Completely removed ALL cron job functionality. Order verification only on explicit user 'DONE' message. Payment message now explicitly asks user to inform when paid.
v1.0.3
Security: Removed cron jobs, added SECURITY.md, removed all personal data. Improved: Address confirmation mandatory, smart cart clearing, payment verification. Fixed: Cart persistence after payment.
v1.0.2
Improved: Address confirmation mandatory, smart cart clearing, payment verification. Fixed: Cart persistence.
v1.0.1
- Added detailed documentation files: ARCHITECTURE.md, functions.md, ZEPTO_AUTH.md, LEARNINGS.md, PROGRESS.md, and NO-SCREENSHOTS.md.
- Introduced order-history.json and scraper.js to enable automated retrieval and tracking of Zepto order history.
- Added capabilities.js and auto-scrape.sh for feature extensibility and automation.
- SKILL.md updated with streamlined instructions and enhanced modularization.
- Overall improvement in codebase organization for maintainability and onboarding.
v1.0.0
Zepto Skill v1.0.0
- Introduces full Zepto automation: login/authentication, address selection, smart grocery shopping with personalized recommendations, and payment link creation.
- Automated order history scraping to track and prioritize your most-ordered items for recommendations and "add to cart" actions.
- Step-by-step conversation flows for authentication, address confirmation, shopping, and payment—optimized for typical Zepto workflows.
- Smart selection: If you’ve ordered an item 2+ times, it’s auto-picked; otherwise, you’re shown the best options for manual choice.
- Order history can be updated on demand via web automation, keeping recommendations fresh and accurate.
- Supports "explore" and "discovery" shopping scenarios, with browsing and category navigation built in.
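FAQ
What is Zepto?
Order groceries from Zepto in seconds. Just say what you need, get a payment link on WhatsApp, pay on your phone, done. Remembers your usual items. Works across India where Zepto delivers. It is an AI agent skill plugin for Claude Code / OpenClaw, with 1607 cumulative downloads so far.
How do I install Zepto?
Run the command "/install zepto" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Zepto free?
Yes, Zepto is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Zepto support?
Zepto is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Zepto?
It is developed and maintained by bewithgaurav (@bewithgaurav); the current version is v1.0.6.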