Safety Report

Dianping-query

Name: Dianping-query
Author: guogang1024

查询大众点评餐厅信息。使用场景：(1) 用户要查询某家餐厅的评分、人均消费、地址 (2) 用户要搜索特定菜系或区域的餐厅推荐 (3) 用户要获取附近美食推荐。登录账号：一定S。重要：搜索时URL需包含城市ID（如hangzhou页面），账号定位北京时需使用URL参数方式绕过。

1,506Downloads

2Installs

0Stars

1Versions

Security Analysis

medium confidence

Clean0.08 risk

The skill's instructions and requirements are consistent with its stated purpose (scraping/searching Dianping pages), but it includes some minor confusing guidance around login and asks the user to provide phone/verification input which is sensitive and worth caution.

Feb 10, 20261 files2 concerns

Purpose & Capabilityok

The name/description (query Dianping restaurant info) matches the SKILL.md steps: open city URL, run searches, and extract listing fields. No unrelated services, binaries, or credentials are requested.

Instruction Scopenote

Instructions are narrowly focused on opening Dianping pages, using browser.tabs, and extracting restaurant data. Two points to note: (1) the doc both says '无需登录即可访问杭州地区内容' and also instructs to '确认登录状态' and provides a named account ('一定S'), which is inconsistent and could confuse operators; (2) it tells the agent to prompt the user for a phone number and verification code to log in—this is sensitive user data and outside simple read-only scraping.

Install Mechanismok

Instruction-only skill with no install steps and no code files — nothing is written to disk or downloaded by the skill itself.

Credentialsnote

The skill declares no environment variables or secrets, which is proportionate. However, it explicitly expects interactive login flow and requests the user's phone number and verification code if not logged in; this is sensitive and the skill doesn't state how such data is handled or stored.

Persistence & Privilegeok

No 'always' flag, no requested system persistence, and no explicit credentials are stored by the skill. Model invocation is not disabled (default), so the model could invoke the skill autonomously unless platform-level controls prevent that.

Guidance

This skill appears to do what it says: open Dianping city pages and extract restaurant info. Before installing, confirm you trust the skill's source (no homepage or maintainer info is provided). Be cautious about providing phone numbers or verification codes—prefer logging in yourself in a trusted browser session rather than handing codes to an automated skill. If you don't want the skill invoked autonomously, ask the platform to disable model-initiated calls or set the skill to require explicit user invocation. Finally, if the named account ('一定S') is supposed to be used, ask the publisher why it’s included and whether any credentials will be stored or transmitted.

Latest Release

v1.0.0

- Initial release of dianping-query: 查询大众点评餐厅信息的实用指南。 - 详尽说明杭州、美食、餐厅等高频搜索场景的操作步骤和方案。 - 补充城市ID和URL用法以规避定位限制，提升跨区域搜索体验。 - 明确登录机制和浏览器操作要求，方便获取评分、人均消费、地址等信息。 - 总结常见问题及解决方法，支持多样化的餐厅信息提取需求。

More by @guogang1024

Session-logs

11 stars

Trend Watcher

6 stars

Research-engine

2 stars

Consciousness Awakening

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Published by @guogang1024 on ClawHub