Monitors product prices on Amazon.fr, Fnac, Cdiscount and Boulanger, and alerts on a price drop or when the target price is reached.
Security Analysis
Medium confidence
The skill's code and instructions match a price-monitoring tool that fetches product pages and stores local JSON history; nothing requested or installed appears disproportionate to that purpose, but the packaged script was truncated in the provided artifact, so review the full file before installing.
The name/SKILL.md and the included Python script implement a price-monitoring tool (fetch product pages, extract prices, persist products/history/alerts under ~/.price-monitor). No unrelated credentials, binaries, or installs are requested.
Runtime instructions tell the agent to run the included Python script, which downloads HTML from user-supplied product URLs and writes JSON files under the user's home directory. This behavior is expected for a price monitor, but the script performs arbitrary HTTP GETs on the provided URLs, which could reach internal services if misused. Also, the provided script's output was truncated in the archive preview; the remainder should be checked for any unexpected network or exfiltration steps.
No install spec is present (instruction-only skill) and the code claims to use only the Python stdlib. No remote downloads or package installs are declared.
The skill requests no environment variables, no credentials, and stores data locally under ~/.price-monitor. No disproportionate or unexplained secret access is requested.
The skill does not set always:true, but disable-model-invocation is not set either (the default allows the model to invoke it). That means the model could autonomously trigger network fetches and write files locally, which is expected for this kind of tool but worth noting if you want to restrict autonomous network access.
Guidance
This appears to be a straightforward price-monitoring script: it fetches product pages (HTTP GET), parses prices, and stores products/history/alerts under ~/.price-monitor. Before installing, review the full scripts/monitor.py file (the provided preview was truncated) to confirm there are no outgoing webhooks, remote logging, or credential-leaking code. Consider running it in a restricted environment or sandbox if you are concerned about the tool fetching arbitrary URLs (which could include internal network addresses). If you don't want the model to call the skill autonomously, disable model invocation or require explicit user approval before running it.
Latest Release
v1.0.0
Track prices on Amazon, Fnac, Cdiscount, Boulanger. Alerts on price drops.
Published by @HugoSbl on ClawHub