Customer Support Command Center

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If connected to helpdesk or messaging tools, the agent could send incorrect replies, route tickets incorrectly, or trigger workflows before a human reviews them.

Why it was flagged

This shows the skill is intended to support automated routing and customer replies. That is aligned with support operations, but the artifacts do not clearly require human review before customer-facing messages or workflow triggers.

Skill content

**Automation rules** — auto-routing, canned responses, confidence-gated auto-replies

Recommendation

Use this skill in draft/recommendation mode by default, and require explicit approval before sending customer messages, notifying teams, changing tickets, or triggering escalation/retention workflows.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

If the agent has access to billing or account-management tools, it could make financially meaningful changes or disclose account details without enough guardrails.

Why it was flagged

The billing template assumes access to account and billing data and contemplates refunds, credits, and billing-setting changes, but the metadata declares no credentials, scopes, or approval boundaries.

Skill content

I've looked into your account ... [Resolution: refund processed / credit applied / explanation of charge] ... updated billing settings

Recommendation

Grant only narrowly scoped support permissions, separate read-only account lookup from billing mutation rights, and require human confirmation for refunds, credits, plan changes, or compensation.

What this means

Customer personal and business information may be included in prompts, summaries, reports, or future support context.

Why it was flagged

The triage checklist asks the agent to collect customer identifiers, commercial value, ticket history, and sentiment context. This is expected for support operations, but it is sensitive customer data.

Skill content

customer: name, email, plan, tenure_months, ltv, previous_tickets, sentiment_history

Recommendation

Limit collection to necessary fields, avoid storing sensitive details in long-term memory unless approved, and ensure retention and access controls match your privacy obligations.