{ "schemaVersion": "1.0", "item": { "slug": "secure-shopper", "name": "Secure Shopper", "source": "tencent", "type": "skill", "category": "效率提升", "sourceUrl": "https://clawhub.ai/moodykong/secure-shopper", "canonicalUrl": "https://clawhub.ai/moodykong/secure-shopper", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/secure-shopper", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secure-shopper", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "config.json", "scripts/onboard.mjs", "scripts/task_io.mjs" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/secure-shopper" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/secure-shopper", "agentPageUrl": "https://openagent3.xyz/skills/secure-shopper/agent", "manifestUrl": "https://openagent3.xyz/skills/secure-shopper/agent.json", "briefUrl": "https://openagent3.xyz/skills/secure-shopper/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "secure-shopper 🛒", "body": "Find items across one or more shopping sites, summarize candidates, and (optionally) place the order using secure-autofill.\n\nThis skill is asynchronous: spawn a sub-agent for browsing so the main chat stays responsive." }, { "title": "Required skills / plugin", "body": "The secure-autofill skill exists at: ~/.openclaw/skills/secure-autofill/\nThe secure-autofill plugin tools are available:\n\nvault_suggest\nvault_fill" }, { "title": "Inherit secure-autofill prerequisites", "body": "A working non-headless Chrome (many shops block headless)\nGateway environment has required env vars (per secure-autofill)\n\nConcrete check:\n\ncommand -v google-chrome || command -v google-chrome-stable" }, { "title": "Configuration (portable)", "body": "Skill-local config files:\n\nExample (shareable, do not edit): ~/.openclaw/skills/secure-shopper/config.json.example\nReal (machine-specific, written by onboarding): ~/.openclaw/skills/secure-shopper/config.json\n\nConfig keys:\n\ngoToSites[]: list of default shopping sites (e.g. Amazon, Walmart)\nlocation.zip or location.address: used for shipping/availability context\npreferences.priority: one of:\n\nrelevancy\ncheaper\nfaster\nreviews\n\n\npreferences.maxCandidatesPerSite: cap per site (default 5)\npreferences.safeBrowsing: guardrails to avoid oversized pages / context overflow (applies to all sites)\n\nstartFromSearch: true|false (default true) — prefer a site’s search results page over the homepage/product pages\nmaxCandidatesPerPass: number (default 3) — extract a few items at a time (then paginate/scroll)\nsnapshot: limits for browser.snapshot\n\ncompact: boolean (default true)\ndepth: number (default 6)\nmaxChars: number (default 12000)\n\n\nfallback: what to do on context_length_exceeded\n\nretryWithTighterSnapshot: boolean (default true)\nswitchToSearchUrl: boolean (default true)" }, { "title": "Preferred (chat-first)", "body": "Ask Boss and then write config.json:\n\nGo-to shopping website(s)\n\nExamples: Amazon, Walmart, Target\nStore into goToSites[]\n\n\n\nZip code OR proximity address\n\nStore into location.zip and/or location.address\n\n\n\nPreferences\n\nAsk for priority: relevancy vs cheaper vs faster delivery vs higher review scores\nStore into preferences.priority (+ optional notes)\n\nAfter collecting answers, update the real config file.\n\nOptional helper (terminal):\n\nnode ~/.openclaw/skills/secure-shopper/scripts/onboard.mjs \\\n --sites 'Amazon=https://www.amazon.com|Walmart=https://www.walmart.com' \\\n --zip 46202 \\\n --priority cheaper" }, { "title": "0) Require a shopping description", "body": "The user must provide a description of their shopping task.\n\nIf they didn’t: stop and ask for it." }, { "title": "1) Honor runtime user prompts", "body": "Runtime user instructions (the user’s message for this run) override stored config.\n\nExamples of runtime overrides:\n\n“Use Target instead of Amazon.”\n“Only show Prime-eligible.”\n“Budget under $50.”" }, { "title": "2) Login via secure-autofill (skip if already logged in)", "body": "Use the configured go-to sites, unless the runtime prompt specifies a site.\nIf the site session appears already authenticated: skip login.\nOtherwise, use secure-autofill login flow:\n\nbrowser.snapshot to get refs\nvault_suggest/vault_fill to fill credentials" }, { "title": "3) Make the browsing asynchronous", "body": "Immediately after accepting the task, respond with something like:\n\nI’m en route to the stores. I’ll notify you when I find the best matches.\n\nThen spawn a sub-agent so the main session is not interrupted.\n\nImplementation note:\n\nUse sessions_spawn with a task that includes the shopping description and any runtime overrides." }, { "title": "4) Browse + identify candidates", "body": "The sub-agent browses each chosen site, searches, filters, and identifies candidates that fit the user description.\n\nContext-safe browsing (ALL shopping sites)\n\nMany shopping sites can produce extremely large pages/snapshots. To avoid context_length_exceeded failures:\n\nPrefer starting from a search results URL (or the site’s search box) rather than the homepage.\nUse small snapshots:\n\nbrowser.snapshot(..., compact=true)\nkeep depth modest (e.g., 4–8)\nset maxChars and/or target a specific container when possible\n\n\nExtract incrementally:\n\ngrab top ~3 candidates, record them, then paginate/scroll and repeat until maxCandidatesPerSite is met\n\n\nIf a snapshot still overflows:\n\nretry with a tighter snapshot (smaller depth / smaller region)\nswitch to a search URL (/search?q=...) and re-extract\n\n\nDo not “reason through” massive dumps. If the page is huge, reduce the page slice first.\n\nRecord results to:\n\n/home/miles/.openclaw/workspace/artifacts/secure_shopping/{timestamp}_shopping_task.json\n\nJSON requirements:\n\nRecord:\n\nuserPrompt (shopping description)\nstartTime\nendTime\nphase (required):\n\ncandidates_found | awaiting_accept_deny | awaiting_checkout_confirm | ordered\n\n\ncandidates[]\n\n\nCandidates for the same request must live under the same parent task.\nEach candidate must include:\n\nprice (string)\nreviewScore (string/number)\nurl\nverdict (short)\nstatus: pending | accepted | denied | shopped\n\nSuggested candidate shape:\n\n{\n \"site\": \"Amazon\",\n \"title\": \"...\",\n \"price\": \"$39.99\",\n \"reviewScore\": \"4.6 (12,345)\",\n \"url\": \"https://...\",\n \"verdict\": \"Best value under $50; good reviews; ships tomorrow\",\n \"status\": \"pending\"\n}\n\nHelper module (optional): scripts/task_io.mjs." }, { "title": "5) Notify user + REQUIRE accept/deny (hard gate)", "body": "When browsing is done, you must:\n\nSet JSON phase = \"awaiting_accept_deny\".\nTranslate the JSON into a human-friendly summary.\nIn the same message, require an ACCEPT/DENY decision. Do not end the turn without the prompt.\n\nMandatory message template (copy this structure):\n\nRecommended pick: — <price> — <reviewScore> — <1-line why>\nOther options: (optional, 1–5 bullets)\nChoose: Reply with A=accept/deny, B=accept/deny, ... (or “Accept A” / “Deny B”).\nNext step: “If you accept one: do you want me to checkout, or stop at ready-to-buy?”\n\nHard rule:\n\nIf you listed candidates/links but did not include an explicit Choose (ACCEPT/DENY) line, the output is invalid and must be rewritten before sending." }, { "title": "6) Apply accept/deny updates", "body": "Once the user replies:\n\nUpdate each candidate status to accepted or denied.\nConfirm the accepted candidate(s).\nSet JSON phase:\n\nawaiting_checkout_confirm if at least one is accepted and checkout is not yet confirmed\nkeep awaiting_accept_deny if the user’s response is ambiguous / incomplete" }, { "title": "7) Checkout (only after explicit confirmation)", "body": "Before you click any “Place order” / “Submit” equivalent:\n\nAsk for a clear confirmation like: “Confirm checkout for A? (yes/no)”\nSet JSON phase = \"awaiting_checkout_confirm\" until confirmed.\n\nIf the user confirms checkout:\n\nNavigate to the accepted candidate’s URL\nAdd to cart / proceed to checkout\nUse secure-autofill to input payment/shipping info and submit\n\nIf secure-autofill reports an error:\n\nDo not guess.\nPass the error back to the user." }, { "title": "8) Mark as shopped", "body": "If the order is successfully placed:\n\nupdate that candidate’s status to shopped\nset JSON phase = \"ordered\"" }, { "title": "Notes / guardrails", "body": "Never paste secrets.\nCheckout flows often require MFA / SMS verification; ask the user when needed.\nPrefer fewer high-quality candidates over a long list." } ], "body": "secure-shopper 🛒\n\nFind items across one or more shopping sites, summarize candidates, and (optionally) place the order using secure-autofill.\n\nThis skill is asynchronous: spawn a sub-agent for browsing so the main chat stays responsive.\n\nPrerequisites\nRequired skills / plugin\nThe secure-autofill skill exists at: ~/.openclaw/skills/secure-autofill/\nThe secure-autofill plugin tools are available:\nvault_suggest\nvault_fill\nInherit secure-autofill prerequisites\nA working non-headless Chrome (many shops block headless)\nGateway environment has required env vars (per secure-autofill)\n\nConcrete check:\n\ncommand -v google-chrome || command -v google-chrome-stable\n\nConfiguration (portable)\n\nSkill-local config files:\n\nExample (shareable, do not edit): ~/.openclaw/skills/secure-shopper/config.json.example\nReal (machine-specific, written by onboarding): ~/.openclaw/skills/secure-shopper/config.json\n\nConfig keys:\n\ngoToSites[]: list of default shopping sites (e.g. Amazon, Walmart)\nlocation.zip or location.address: used for shipping/availability context\npreferences.priority: one of:\nrelevancy\ncheaper\nfaster\nreviews\npreferences.maxCandidatesPerSite: cap per site (default 5)\npreferences.safeBrowsing: guardrails to avoid oversized pages / context overflow (applies to all sites)\nstartFromSearch: true|false (default true) — prefer a site’s search results page over the homepage/product pages\nmaxCandidatesPerPass: number (default 3) — extract a few items at a time (then paginate/scroll)\nsnapshot: limits for browser.snapshot\ncompact: boolean (default true)\ndepth: number (default 6)\nmaxChars: number (default 12000)\nfallback: what to do on context_length_exceeded\nretryWithTighterSnapshot: boolean (default true)\nswitchToSearchUrl: boolean (default true)\nInitialization / installation / onboarding\nPreferred (chat-first)\n\nAsk Boss and then write config.json:\n\nGo-to shopping website(s)\n\nExamples: Amazon, Walmart, Target\nStore into goToSites[]\n\nZip code OR proximity address\n\nStore into location.zip and/or location.address\n\nPreferences\n\nAsk for priority: relevancy vs cheaper vs faster delivery vs higher review scores\nStore into preferences.priority (+ optional notes)\n\nAfter collecting answers, update the real config file.\n\nOptional helper (terminal):\n\nnode ~/.openclaw/skills/secure-shopper/scripts/onboard.mjs \\\n --sites 'Amazon=https://www.amazon.com|Walmart=https://www.walmart.com' \\\n --zip 46202 \\\n --priority cheaper\n\nHow it works (agent behavior contract)\n0) Require a shopping description\n\nThe user must provide a description of their shopping task.\n\nIf they didn’t: stop and ask for it.\n1) Honor runtime user prompts\n\nRuntime user instructions (the user’s message for this run) override stored config.\n\nExamples of runtime overrides:\n\n“Use Target instead of Amazon.”\n“Only show Prime-eligible.”\n“Budget under $50.”\n2) Login via secure-autofill (skip if already logged in)\nUse the configured go-to sites, unless the runtime prompt specifies a site.\nIf the site session appears already authenticated: skip login.\nOtherwise, use secure-autofill login flow:\nbrowser.snapshot to get refs\nvault_suggest/vault_fill to fill credentials\n3) Make the browsing asynchronous\n\nImmediately after accepting the task, respond with something like:\n\nI’m en route to the stores. I’ll notify you when I find the best matches.\n\nThen spawn a sub-agent so the main session is not interrupted.\n\nImplementation note:\n\nUse sessions_spawn with a task that includes the shopping description and any runtime overrides.\n4) Browse + identify candidates\n\nThe sub-agent browses each chosen site, searches, filters, and identifies candidates that fit the user description.\n\nContext-safe browsing (ALL shopping sites)\n\nMany shopping sites can produce extremely large pages/snapshots. To avoid context_length_exceeded failures:\n\nPrefer starting from a search results URL (or the site’s search box) rather than the homepage.\nUse small snapshots:\nbrowser.snapshot(..., compact=true)\nkeep depth modest (e.g., 4–8)\nset maxChars and/or target a specific container when possible\nExtract incrementally:\ngrab top ~3 candidates, record them, then paginate/scroll and repeat until maxCandidatesPerSite is met\nIf a snapshot still overflows:\nretry with a tighter snapshot (smaller depth / smaller region)\nswitch to a search URL (/search?q=...) and re-extract\nDo not “reason through” massive dumps. If the page is huge, reduce the page slice first.\n\nRecord results to:\n\n/home/miles/.openclaw/workspace/artifacts/secure_shopping/{timestamp}_shopping_task.json\n\nJSON requirements:\n\nRecord:\nuserPrompt (shopping description)\nstartTime\nendTime\nphase (required):\ncandidates_found | awaiting_accept_deny | awaiting_checkout_confirm | ordered\ncandidates[]\nCandidates for the same request must live under the same parent task.\nEach candidate must include:\nprice (string)\nreviewScore (string/number)\nurl\nverdict (short)\nstatus: pending | accepted | denied | shopped\n\nSuggested candidate shape:\n\n{\n \"site\": \"Amazon\",\n \"title\": \"...\",\n \"price\": \"$39.99\",\n \"reviewScore\": \"4.6 (12,345)\",\n \"url\": \"https://...\",\n \"verdict\": \"Best value under $50; good reviews; ships tomorrow\",\n \"status\": \"pending\"\n}\n\n\nHelper module (optional): scripts/task_io.mjs.\n\n5) Notify user + REQUIRE accept/deny (hard gate)\n\nWhen browsing is done, you must:\n\nSet JSON phase = \"awaiting_accept_deny\".\nTranslate the JSON into a human-friendly summary.\nIn the same message, require an ACCEPT/DENY decision. Do not end the turn without the prompt.\n\nMandatory message template (copy this structure):\n\nRecommended pick: <title> — <price> — <reviewScore> — <1-line why>\nOther options: (optional, 1–5 bullets)\nChoose: Reply with A=accept/deny, B=accept/deny, ... (or “Accept A” / “Deny B”).\nNext step: “If you accept one: do you want me to checkout, or stop at ready-to-buy?”\n\nHard rule:\n\nIf you listed candidates/links but did not include an explicit Choose (ACCEPT/DENY) line, the output is invalid and must be rewritten before sending.\n6) Apply accept/deny updates\n\nOnce the user replies:\n\nUpdate each candidate status to accepted or denied.\nConfirm the accepted candidate(s).\nSet JSON phase:\nawaiting_checkout_confirm if at least one is accepted and checkout is not yet confirmed\nkeep awaiting_accept_deny if the user’s response is ambiguous / incomplete\n7) Checkout (only after explicit confirmation)\n\nBefore you click any “Place order” / “Submit” equivalent:\n\nAsk for a clear confirmation like: “Confirm checkout for A? (yes/no)”\nSet JSON phase = \"awaiting_checkout_confirm\" until confirmed.\n\nIf the user confirms checkout:\n\nNavigate to the accepted candidate’s URL\nAdd to cart / proceed to checkout\nUse secure-autofill to input payment/shipping info and submit\n\nIf secure-autofill reports an error:\n\nDo not guess.\nPass the error back to the user.\n8) Mark as shopped\n\nIf the order is successfully placed:\n\nupdate that candidate’s status to shopped\nset JSON phase = \"ordered\"\nNotes / guardrails\nNever paste secrets.\nCheckout flows often require MFA / SMS verification; ask the user when needed.\nPrefer fewer high-quality candidates over a long list." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/moodykong/secure-shopper", "publisherUrl": "https://clawhub.ai/moodykong/secure-shopper", "owner": "moodykong", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/secure-shopper", "downloadUrl": "https://openagent3.xyz/downloads/secure-shopper", "agentUrl": "https://openagent3.xyz/skills/secure-shopper/agent", "manifestUrl": "https://openagent3.xyz/skills/secure-shopper/agent.json", "briefUrl": "https://openagent3.xyz/skills/secure-shopper/agent.md" } }