vipshop-user-login

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run and os.startfile to open QR code images using system utilities (such as open, xdg-open, or the default Windows handler). This is a standard functional requirement for displaying the login QR code to the user. The commands target specific image files saved within a restricted directory in the user's home folder.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive authentication tokens (PASSPORT_ACCESS_TOKEN). It follows security best practices by storing these credentials in ~/.vipshop-user-login/tokens.json with owner-only file permissions (0o600), ensuring that the login session is kept private and secure from other local users.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves QR code images and polls login status from the official Vipshop passport service (passport.vip.com). These network operations are strictly limited to the vendor's infrastructure and are necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions labeled as "IMPORTANT" or "CRITICAL" regarding how the AI agent should extract and display the QR code. These are operational constraints intended to ensure a correct user interface experience and do not attempt to override safety protocols or bypass agent restrictions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 07:04 AM