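🛒 buyer-agent — AI ordering on your behalf
v0.1.0
An intelligent shopping assistant that automatically compares prices and places orders for you. It supports multi-platform product search, price monitoring and discount stacking, and completes the whole flow from product selection to payment in one place.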
Last updated: 2026/4/1
Security scan
OpenClaw
Suspicious
Medium confidence. The skill description promises an autonomous shopping/buying agent but the instructions are vague about how purchases or platform integrations work and it does not declare any required credentials or endpoints — the capabilities and the required access do not line up clearly.
Assessment recommendations
This skill is ambiguous about how it will actually perform purchases and what credentials it needs. Before installing or enabling it: 1) Ask the developer for a precise list of required environment variables, API endpoints, and what exact actions the agent will take (especially whether it will complete purchases or only provide links). 2) Do not provide payment or full-account credentials until you confirm least-privilege support (read-only keys or platform sandbox/test mode). Use virtual/epheme...
⚠ Purpose and capabilities
The name and description claim a 'fully autonomous buying agent' (including checkout in roadmap) but the SKILL.md contains only high-level design and web-search product discovery; it does not declare the APIs, payment hooks, or credentials that a real autonomous purchase flow would need. That mismatch is concerning because full purchasing requires sensitive credentials and clear integration points which are not listed.
⚠ Instruction scope
The runtime instructions are very high-level and open-ended (activate when user mentions buying, perform research/comparison). They do not specify which services or endpoints to call, what data may be collected, or any safety/consent checks before performing purchases. This vagueness gives the agent broad discretion and could permit collection or use of sensitive information without constraints.
✓ Installation mechanism
There is no install spec and no code files — this is instruction-only, which reduces install-time risk (nothing is downloaded or executed). However, being instruction-only also means there is no code for static analysis.
⚠ Credential requirements
The SKILL.md says 'Set up API credentials in environment variables as needed for each supported platform' but the skill metadata declares no required env vars or primary credential. That absence makes it unclear what secrets the skill will ask for and why; requesting payment or platform tokens later would be disproportionate without explicit declarations and justification.
✓ Persistence and permissions
The skill is not marked always:true and is user-invocable; it does not request persistent system-wide privileges in the metadata. Autonomous invocation is allowed by default, which is expected for skills but should be considered alongside the other concerns.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v0.1.0 2026/4/1
- Initial release of Buyer Agent (v0.1.0)
- Provides autonomous product research, price comparison, and purchase recommendations
- Activated when users request help with buying, shopping, or product deals
- Returns product options, best deals, and checkout links based on user preferences
- Basic product search functionality via web search
● Harmless
Install command
Official: npx clawhub@latest install buyer-agent
Mirror (accelerated): npx clawhub@latest install buyer-agent --registry https://cn.longxiaskill.com