smart-shopping
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs users to extract their session cookies (
document.cookie) from JD and Taobao and provide them to the assistant. These cookies contain session tokens that allow full access to the user's accounts, including personal data and purchasing capabilities. - [CREDENTIALS_UNSAFE]: In
smart_shopping.py, thesave_cookiemethod stores the harvested session data in plain text usingjson.dumpin the~/.openclaw/.cookiesdirectory. This provides an attacker with local access an easy path to hijack the user's shopping sessions. - [DATA_EXFILTRATION]: While the skill claims local storage, the workflow requires the user to paste their full session cookies into the agent's chat interface. This transmits highly sensitive credentials to the AI provider's infrastructure, which is a major security risk compared to standard OAuth or API-based authentication.
- [DATA_EXPOSURE]: The code and documentation contain misleading safety claims. Specifically,
smart_shopping.pyincludes comments stating the cookies are saved using "加密存储" (encrypted storage), but the actual implementation is unencrypted plain-text JSON. - [COMMAND_EXECUTION]: The skill provides a JavaScript snippet for users to execute in their browser's developer console. Instructing users to execute arbitrary code in their browser to bypass security controls is a common social engineering and session hijacking technique.
Recommendations
- AI detected serious security threats
Audit Metadata