技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 18 · 0当前安装次数· 0历史安装次数
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:cjboy007/ssa-pricing-engine
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The code and instructions implement the described dynamic pricing functionality, but there are mismatches and missing declarations (undeclared environment variables, reads of sibling project output paths, and an unclear Discord notification/webhook mechanism) that warrant caution before installing.
目的
The name/description (dynamic pricing tied to LME copper, quantity tiers, customer grades, exchange rates, and integration with quotation-workflow) matches the included scripts and config files: pricing-engine, copper-price-adapter, exchange-rate, price-history, and quotation integration. Dependencies on quotation-workflow and copper-price-monitor are declared in SKILL.md and the code references those integrations, so the requested capabilitie…
说明范围
The runtime instructions and scripts read and write files (cache/, logs/, output/, config/), and copper-price-adapter explicitly scans a relative path outside the skill (<skill>/../../../copper-price-monitor/output). That external path access is consistent with the declared dependency but means the skill will attempt to read files outside its own directory. The SKILL.md and code instruct creating/using local logs and JSONL history files (which…
安装机制
There is no install spec (instruction-only packaging) and code is included as plain JS files. That is lower install-risk than downloading arbitrary binaries. The package writes files to local directories (cache, logs, output) as part of normal operation. No remote downloads or archive extraction are present in the provided manifest.
证书
The registry metadata lists no required environment variables, yet SKILL.md and the code use several env vars (DRY_RUN, PRICING_LOG, COPPER_LOG, CACHE_TTL_MS, PRICE_HISTORY_FILE). In addition, the bottom-price flow references Discord notifications but no webhook, token, or credentials are declared — it's unclear how notifications authenticate. The skill uses an external exchange rate API (open.er-api.com) which is reasonable for its purpose, b…
持久
The skill is not always: true and does not request elevated platform privileges. It will create and write local files (cache, logs, output, price-history.jsonl) and persist history and caches by design. This is proportionate for a pricing engine, but users should be aware it writes persistent logs and history files and may read a sibling project's output directory.
scripts/quotation-integration.js:355
检测到Shell命令执行( child_process )。
scripts/exchange-rate.js:28
环境变量访问与网络发送相结合。
scripts/exchange-rate.js:88
文件读取与网络发送相结合(可能泄露)。
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Pricing Engine」。简介:动态定价引擎 — 根据 LME 铜价、数量阶梯、客户等级、实时汇率自动计算报价,集成 quotation-workflow 生成报价单。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/cjboy007/ssa-pricing-engine/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。