Ecom Manager D2c
Warn. Audited by ClawScan on May 18, 2026.
Overview
Review this skill before installing it: it is designed to change ecommerce prices, inventory, ads, and public content through broad integrations and chat commands, without clearly defining safety limits.
Only install this skill if you can run it with strict approvals and least-privilege integrations. Start in read-only or report-only mode, require human confirmation for all store, pricing, inventory, ad, and publishing changes, and make sure chat commands are limited to verified authorized users.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to store or ad accounts, the agent could change prices, inventory, ads, budgets, or public content in ways that affect revenue, costs, and brand reputation.
These are high-impact business and public-output actions, and the artifact instructs the agent to convert chat commands into actions without defining spending caps, price-change limits, publishing review, or scoped execution controls.
update_price(product_id, price) ... publish_blog(title, content) ... meta_update_budget(campaign_id, budget) ... Commands received through chat must be converted into actionable tasks.
Require explicit approval for all mutations, set budget and pricing limits, use dry-run/report-only mode by default, and restrict actions to named stores, products, campaigns, and users.
Connecting broad API tokens could give the agent significant authority over stores, ad spend, customer messaging, and analytics data.
The skill expects stored API tokens for multiple ecommerce, advertising, messaging, and analytics services, but the registry declares no credential contract and the artifacts do not specify token scopes or account boundaries.
Authentication should be handled using secure API tokens. The skill should store integration tokens securely and request authentication if missing.
Use least-privilege tokens, separate read-only from write tokens, document required scopes, and avoid storing credentials unless the storage mechanism and retention policy are clear.
A poorly controlled chat integration could let the wrong person or channel trigger changes to prices, ads, or store operations.
The skill allows high-impact store and ad operations to be triggered through external messaging channels, but does not define sender authentication, channel allowlists, approval routing, or command-origin validation.
Users can execute store tasks by sending messages through: WhatsApp, Slack, Telegram, Web chat ... "Increase price of hoodie by 10%" ... "Pause Meta ad set with lowest ROAS"
Require verified sender identity, workspace/channel allowlists, role-based permissions, signed webhook validation, and owner approval for any account-changing command.
Version mismatches can make it harder to know exactly which skill revision is being reviewed or installed.
The registry lists version 1.0.3 and SKILL.md lists version 1.0.2, while _meta.json lists 1.0.1. This is not malicious by itself, but it is a provenance/coherence issue.
"version": "1.0.1"
Ask the publisher to align registry, metadata, and SKILL.md versions before relying on the package in production.
