Alibaba Supplier Outreach — 阿里巴巴供应商开发
v1.0.0阿里巴巴供应商开发工具。
1· 658·1 当前·1 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's instructions line up with its stated purpose (automating Alibaba outreach) but it automates actions in your logged-in browser (including screenshots and coordinate clicks), expects platform tools that are not declared in the metadata, and could capture or act on sensitive data — proceed with caution.
评估建议
This skill behaves like a remote assistant that will control your Chrome session to search suppliers, read and send messages, and take screenshots. Before installing or invoking it: 1) Confirm you are comfortable allowing automated actions from your logged-in Alibaba account (it will send messages and read replies). 2) Note the SKILL.md requires LaunchFast and specific chrome-automation tools but the skill metadata does not declare these — ask the author to list required platform tools. 3) Be ca...详细分析 ▾
ℹ 用途与能力
The skill's name and description match what the SKILL.md instructs (finding suppliers, crafting messages, sending inquiries, checking replies). However, the runtime instructions require platform-specific tools (mcp__launchfast__supplier_research and mcp__claude-in-chrome__* chrome automation) and a logged-in Alibaba Chrome session, but these required tools are not declared in the skill's top-level metadata — a mismatch that should have been explicit.
⚠ 指令范围
The instructions tell the agent to control the user's browser, navigate to supplier pages, read message pages, type and send messages, and take screenshots for verification. Taking screenshots of web pages opened in the user's browser can capture sensitive or unrelated information (account details, other messages). The use of coordinate-based clicks is brittle and can click the wrong UI element, causing unintended actions. While reading and sending messages is within the stated purpose, these operations are privacy- and action-sensitive and should be explicitly called out, limited, and audited.
✓ 安装机制
No install spec or code files are present; the skill is instruction-only. This lowers supply-chain risk because nothing is downloaded or written to disk by the skill itself.
ℹ 凭证需求
The skill requests no environment variables or credentials, and it does not ask for AWS/other unrelated secrets. Instead it relies on the user's logged-in Chrome session for Alibaba and on platform tools. That is reasonable for a browser-automation-based outreach skill, but the metadata should have declared these tool dependencies so users understand what platform capabilities it needs.
✓ 持久化与权限
The skill does not request persistent 'always' inclusion or special agent-wide privileges. It can invoke autonomously (platform default), which is expected — but given the ability to operate the user's logged-in browser, users should be aware of the potential blast radius if the skill is allowed to run without supervision.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/23
Alibaba Supplier Outreach Skill v1.0.0 - Initial release of the Alibaba Supplier Outreach skill for Amazon FBA sourcing. - Supports supplier research, automated outreach, reply monitoring, and negotiation management via Chrome automation. - Guides users through finding suppliers, crafting and sending optimized messages, and managing ongoing conversations. - Integrates with LaunchFast for supplier data and leverages memory for tracking negotiations. - Includes detailed step-by-step workflows for outreach, checking replies, and follow-ups.
● 可疑
安装命令
点击复制官方npx clawhub@latest install alibaba-supplier-outreach
镜像加速npx clawhub@latest install alibaba-supplier-outreach --registry https://cn.longxiaskill.com 镜像可用
本土化适配说明
Alibaba Supplier Outreach — 阿里巴巴供应商开发 安装说明: 安装命令:npx clawhub@latest install alibaba-supplier-outreach 支持国内镜像加速,使用 --registry https://cn.longxiaskill.com 参数可加速下载 该技能用于淘宝相关操作,可能需要相应的平台账号或API密钥