技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 389 · 4 current installs · 4 all-time installs
⭐ 0
安装量(当前) 4
🛡 VirusTotal :可疑 · OpenClaw :良性
Package:danielwangyy/jd-price-protect
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :良性
OpenClaw 评估
The skill's code, instructions, and requested access are consistent with its stated purpose (automating JD price-protection clicks via your local OpenClaw browser relay); there are a few minor documentation gaps and operational caveats to be aware of, but nothing that suggests hidden malicious behavior.
目的
The skill claims to drive JD.com pages via the OpenClaw Browser Relay and the included script does exactly that: derives a relay token, connects to a local CDP websocket, finds/navigates to the JD price-protection page, clicks '申请价保' buttons, and collects results. Required accesses (gateway token or ~/.openclaw/openclaw.json) are coherent with the stated purpose.
说明范围
SKILL.md and the script are aligned on the core workflow. Minor inconsistencies: SKILL.md suggests scheduled runs should 'skip silently' when the Chrome relay is disconnected, but the script throws errors like 'No gateway token found' or 'No browser page available' and exits non-zero—so scheduled behavior may not be as silent as described. The script reads only the gateway token from ~/.openclaw/openclaw.json (or GATEWAY_TOKEN) and otherwise o…
安装机制
There is no install spec (instruction-only), which reduces surface risk. However the script requires Node and the 'playwright-core' module; neither Node nor dependency installation is documented in SKILL.md. The script tries to require 'playwright-core' (including a fallback path), so users must ensure playwright-core is installed in their environment before running.
证书
The script needs only the OpenClaw gateway token (from GATEWAY_TOKEN env var or ~/.openclaw/openclaw.json) to derive the relay token — this is proportional because the relay token is what authorizes CDP access to the user's browser. No other credentials or unrelated secrets are requested.
持久
The skill does not request persistent 'always' inclusion or modify other skills/config. However it exercises a high-impact capability at runtime: it controls the user's browser (pages and clicks) while the user is logged in to JD. That privilege is expected for this task but is powerful — the script will act with the authority of the logged-in session, so the user should only run it for trusted code and contexts.
综合结论
This skill appears to implement exactly what it claims (automatically apply price-protection requests in your JD account) and doesn't contact unexpected remote servers, but take these precautions before installing or running it: - Code review: inspect scripts/price-protect.js yourself (it's included) or have someone you trust review it before running. - Gateway token: the script reads your OpenClaw gateway token from ~/.openclaw/openclaw.json …
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「JD Price Protection 京东自动价保」。简介:Auto-apply JD.com (京东) price protection on all eligible orders. Connects to Chr…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/danielwangyy/jd-price-protect/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: jd-price-protect
description: Auto-apply JD.com (京东) price protection on all eligible orders. Connects to Chrome via OpenClaw Browser Relay CDP, navigates to JD price protection page, clicks all "申请价保" buttons, and reports refund results. Supports pagination and scheduled cron usage.
tags: [shopping, automation, browser, jd, price-protection, china, 京东, 价保]
author: Danielwangyy
version: 1.0.0
---
# JD Price Protection
Auto-apply price protection (价格保护) on all eligible JD.com orders via Chrome Browser Relay.
## Prerequisites
- Chrome with OpenClaw Browser Relay extension installed and connected (badge ON)
- User must be logged into JD.com in Chrome
- OpenClaw gateway running
## Usage
Run the script:
```bash
node <skill-dir>/scripts/price-protect.js
```
The script will:
1. Connect to Chrome via OpenClaw's CDP relay (auto-derives relay token from gateway config)
2. Navigate to `https://pcsitepp-fm.jd.com/` if needed
3. Click every "申请价保" button on the page
4. Reload and collect results (successes with refund amounts, failures with reasons)
5. Output JSON results
## Interpreting Results
```json
{
"total": 11,
"clicked": 11,
"success": [{"name": "ANKER 140W充电线...", "amount": "6.00"}],
"failed": [{"name": "KAMAN收纳盒...", "reason": "无差价"}]
}
```
- Only notify user if `success` array is non-empty (refunds obtained)
- If all items show "无差价", update state silently
## Scheduled Usage
Set up a cron job to run every ~8 hours. Example agent prompt:
> Run `node <skill-dir>/scripts/price-protect.js`. If Chrome relay is disconnected (error), skip silently. If refunds found, notify user. Otherwise update checkedAt silently.
## Troubleshooting
- **"No browser page available"**: Chrome relay disconnected. User must click Browser Relay toolbar icon.
- **"No gateway token found"**: Set `GATEWAY_TOKEN` env var or ensure `~/.openclaw/openclaw.json` has `gateway.auth.token`.
- **Timeout on clicks**: A popup may be blocking. Script presses Escape after each click to dismiss.
## How It Works
Derives the relay auth token via `HMAC-SHA256(gatewayToken, "openclaw-extension-relay-v1:<port>")`, connects Playwright to Chrome's CDP websocket, then uses `getByText('申请价保', {exact: true}).click()` to trigger each button.