📦 WooCommerce Order Guard — WooCommerce 订单守卫
v1.0.0WooCommerce 订单守卫工具。
0· 116·1 当前·1 累计
by 下载技能包
最后更新
2026/3/29
安全扫描
OpenClaw
安全
high confidenceThe skill's code and runtime instructions match its description: it reads a local WooCommerce credentials file, queries the store for processing orders, copies billing→shipping where missing, deduplicates via a local JSON store, and emits one line per new order.
评估建议
This skill appears to do what it claims, but before installing: (1) Create WooCommerce API keys with the minimal required permissions (the script needs write access to update orders); (2) store the creds JSON securely (restrict file permissions) and prefer using a staging store first to confirm behavior; (3) be aware the script will perform PUT requests that change orders—only provide keys for stores you trust; (4) ensure the machine running the cron has Python3 and the requests library, and tha...详细分析 ▾
✓ 用途与能力
The name/description, SKILL.md, and the Python script are coherent: all request and actions relate to WooCommerce order monitoring and fixing. The script uses only the WooCommerce REST API and a local storage file; no unrelated capabilities or credentials are requested.
ℹ 指令范围
Instructions are limited to running the included script with a creds file and a storage path. The script only reads the provided creds file and the local deduplication file, calls the provided store URL, updates orders via the WooCommerce API, prints outputs, and writes the dedup store. Minor implementation notes: the code does not check the HTTP response from the PUT requests (no raise_for_status on updates) and has no file-locking, so concurrent runs could race or silently fail—these are hygiene/usability concerns, not evidence of malicious behavior.
✓ 安装机制
No install spec; this is instruction-only plus a single Python script requiring the 'requests' library. That is proportionate and low-risk compared with download/install behaviors.
ℹ 凭证需求
The skill requires WooCommerce API credentials provided via a local JSON file (consumerKey/consumerSecret). This is appropriate and limited for the stated purpose. Users should note these are store credentials that grant API access (including write access for PUT), so the file must be protected. The registry metadata correctly lists no required environment variables; the credential is file-based rather than env-based.
ℹ 持久化与权限
The skill does not request permanent platform-wide presence (always:false) and doesn't modify other skills. It will perform privileged actions on the WooCommerce store (PUT orders) if given API keys — this is expected but important: anyone who supplies keys is granting the skill the ability to change orders. Autonomous invocation is allowed by default (normal for skills); if you don't want the agent to run it without prompting, disable autonomous invocation when installing.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/29
Initial release—automatically fixes missing WooCommerce shipping addresses and deduplicates order alerts. - Monitors WooCommerce 'processing' orders to ensure each has a shipping address, copying billing to shipping if needed. - Emits a signal (stdout) for each new qualifying order, designed for easy integration with downstream automations. - Prevents duplicate alerts using a local JSON deduplication store. - Simple command-line interface with optional credential and storage file configuration. - Suitable for scheduling via cron or webhooks.
● 无害
安装命令
点击复制官方npx clawhub@latest install skill-woocommerce-order-guard
镜像加速npx clawhub@latest install skill-woocommerce-order-guard --registry https://cn.longxiaskill.com