← Back to stories A person points to t-shirt options in an online store on a laptop screen.
Photo by MART PRODUCTION on Pexels
凤凰科技 2026-03-13

Taobao (淘宝) desktop app lets local AI "agents" automate shopping — but exposes a lot of user data

What changed

Taobao (淘宝), the consumer e‑commerce arm of Alibaba Group (阿里巴巴), has updated its desktop client to version 2.5.0 and added support for AI tools via a localized MCP protocol. The new feature lets users, with explicit authorization, pair an on‑device AI "agent" such as OpenClaw to perform routine shopping tasks — searching, filtering, comparing and adding items to cart — by simulating clicks and scraping product and shop pages. Payment still requires the user's direct confirmation, Taobao notes, so the agent cannot complete purchases autonomously.

How it works and early reports

The capability is implemented by opening a designated local port on the machine running the Taobao client and pairing that port with an AI agent installed on the same device; the client exposes interactive page elements and product metadata to the agent for automation. It has been reported that users found the AI responsive on basic fields like product names, specs and price, but that current interface permissions prevent the agent from reading and filtering detailed product reviews. Taobao has published configuration documentation and a guided flow to hand links over to agents for setup.

Privacy and security implications

Taobao's release notes explicitly warn that enabling the MCP service will expose substantial personal data to paired agents — including Taobao nickname, avatar, shipping addresses, contact details, order history, cart contents, browsing history, followed shops and chat records — and that those data "may be further exposed to models." For users worried about leakage, the company recommends not enabling the service. It has been reported that some technically proficient users discovered ways to change the listening port to allow cross‑machine control, a practice that raises obvious security risks and should be treated cautiously.

Why this matters beyond the app

For Western readers: this is part of a broader push in China to embed AI into consumer services while keeping compute and data locally controlled — a trend accelerated by chip restrictions and geopolitical tensions that have encouraged domestic AI tooling and protocols. The Taobao move illustrates the tradeoff regulators and consumers are grappling with everywhere: richer, automated convenience versus wider surface area for data exposure. Will shoppers trust local AI agents with their profiles and histories? The answer will shape how fast automated shopping spreads in China’s vast e‑commerce market.

AISpace
View original source →