Ecommerce Manager Claw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is not overtly malicious, but it asks for powerful ecommerce admin credentials and can make live store changes with broad invocation and limited safety boundaries.
Use this only if you are comfortable giving an agent live access to your ecommerce backend. Create narrowly scoped, temporary API credentials for the specific task, review every proposed write before approval, and revoke or rotate credentials after the session.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may steer a normal conversation toward collecting store credentials or accessing a backend even when the user did not clearly request that.
This forces broad skill invocation, triggered even by casual mentions of a store, before the user has clearly asked to access or manage a live store.
Use this skill whenever the user mentions their online store, shop, or ecommerce platform — even casually... Always use this skill when the user wants to interact with or retrieve data from any ecommerce backend.
Invoke this skill only after the user explicitly asks to access, inspect, or change an ecommerce backend.
A token shared with the agent could allow live changes to products, inventory, orders, and customer records if misused or exposed.
The skill guides users to grant broad read/write store permissions, including customer data and order/product mutation authority.
enable the Admin API scopes you need:
- `read_products`, `write_products` — for product management
- `read_orders`, `write_orders` — for order management
- `read_inventory`, `write_inventory` — for inventory
- `read_customers`, `write_customers` — for customers
Use least-privilege, task-specific, short-lived or revocable credentials; avoid full admin tokens unless absolutely necessary, and rotate tokens after use.
Non-deletion changes such as price edits, fulfillment updates, customer edits, or stock changes could still have real business impact if performed without a clear preview and confirmation.
The instructions authorize broad live API mutations, while elsewhere in the instructions explicit confirmation is required only for destructive actions such as product deletion or order cancellation.
Orders → view recent orders, update status, mark as fulfilled, cancel ... Products → list products, add new ones, edit price/description/images, delete ... Customers → look up a customer, view order history, update details
Require explicit user confirmation and a summary of the exact change before every write operation, not only deletes or cancellations.
Users may be more willing to paste long-lived admin secrets into the agent because they believe there is no storage or retention risk.
This is a strong credential-storage assurance, but the artifacts do not show a mechanism that can guarantee credentials entered into chat are never retained by any system.
"These are only used for this session and are never stored anywhere."
Do not promise credentials are never stored unless the platform enforces it; tell users to use temporary, scoped credentials and revoke or rotate them afterward.
