唯品会AI购物助手技能集合

Name: vipshop-skills
Author: viphgta

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt injection, stores

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The stated purpose claims to integrate '订单查询' (order query) services and mentions an '订单' (order) sub-skill. However, the actual list of included sub-skills, the directory structure, and the '未来规划' (future planning) section indicate that order query functionality is not yet implemented and is a future development.

Claims to do

唯品会AI购物助手技能集合: > ⚠️ **重要规范**：AI 必须先加载本 skill 规范（use_skill），再执行任何脚本或返回结果，不得绕过 skill 规范自行处理数据。

Actually does

This skill acts as a wrapper, calling specific sub-skills (`vipshop-user-login`, `vipshop-product-search`, `vipshop-product-detail`, `vipshop-promotion-search`) via `use_skill`. It manages user login state by storing tokens in `~/.vipshop-user-login/tokens.json` and automatically triggers login or re-login when needed. The sub-skills execute Python scripts (e.g., `vip_login.py`, `search.py`) to interact with Vipshop's services, returning JSON data.

Threat Analysis

AI Agent Traps ↗Scanned 4/17/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction4 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameviphgta/vipshop-skills

Registryclawhub

Version1.0.10

PURLpkg:clawhub/viphgta/vipshop-skills@1.0.10

Stars6

Downloads225

Installs2

Source

Repository ↗

SHA-256f98959c03474...

SHA-15e9eb070cc2a...

MD53312842ee0bc...

TLSH4512d8b8c51f...

ssdeep192:+D6rDaIS...

Size9,354 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/viphgta/vipshop-skills

225 downloads2 installs

ClawHubDocs

openclaw skills install viphgta/vipshop-skills

Assessments (3)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.96)

96% confidence

Unconfirmed Automatic Login Mechanismhighautonomy abuse

The AI is designed to automatically trigger the login process and proceed with tasks without explicit user confirmation, relying solely on the user completing a QR scan. This removes a critical human-in-the-loop approval step for a sensitive action, potentially leading to unauthorized actions if the AI is compromised.

90% confidenceline 70

所有子技能都支持自动登录触发：- 检测到用户未登录时，AI 自动触发 `vipshop-user-login` 流程... - 全程无需用户手动请求

Arbitrary Script Execution Capabilityhighcommand execution

The skill explicitly allows the AI to execute Python scripts located in `scripts/` directories. While there are constraints against AI modifying these scripts, a compromised AI could execute them with malicious parameters or in unintended sequences, leading to unauthorized system interactions or data manipulation.

90% confidenceline 120

AI 只能执行脚本... 执行 `vipshop-product-search` 搜索连衣裙... scripts/vip_login.py

Local Storage of Sensitive Login Tokensmediumcredential theft

The skill stores user login tokens in a local file (`~/.vipshop-user-login/tokens.json`). If the AI's environment is compromised or if a script is maliciously modified, these tokens could be exfiltrated, leading to unauthorized account access.

80% confidenceline 151

登录态存储：`~/.vipshop-user-login/tokens.json`

Explicit AI Behavior Constraints Highlight Tool Poisoning Risklowtool poisoning

The skill includes strict constraints forbidding the AI from modifying its own scripts or `SKILL.md` files. This indicates an awareness of the risk of AI self-modification or tampering with its tools, which could lead to tool poisoning if these constraints are bypassed.

80% confidenceline 118

⚠️ AI 行为约束（必须严格遵守）... 严禁 AI 修改 `scripts/` 目录下的任何 Python 脚本文件... 严禁 AI 修改任何子技能的 `SKILL.md` 文件

Description Mismatchmediumdescription mismatch

The stated purpose claims to integrate '订单查询' (order query) services and mentions an '订单' (order) sub-skill. However, the actual list of included sub-skills, the directory structure, and the '未来规划' (future planning) section indicate that order query functionality is not yet implemented and is a future development.

85% confidence

Stated purpose: '整合唯品会搜索、商品查询、活动查询、订单查询等多项购物服务...' and '通过引导安装多个子 Skill（搜索、看详情、登录、订单、活动）...'. Actual: '包含的子技能' section and '目录结构' do not list an order query skill. '未来规划' lists '- [ ] 添加订单查询功能'.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/viphgta/vipshop-skills.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/viphgta/vipshop-skills)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/viphgta/vipshop-skills"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/viphgta/vipshop-skills.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/viphgta/vipshop-skills.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow