Ecommerce Analyzer
Security checks across malware telemetry and agentic risk
Overview
The skill is a high-level ecommerce analytics instruction set with no code or credentials, but users should define limits for monitoring and verify any manually installed dependencies.
This appears safe to install as an instruction-only analytics skill, but treat monitoring and alerts as opt-in tasks: set clear targets, schedules, and stop conditions, and verify any dependencies before installing them manually.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user manually installs or enables these dependencies, they may grant the skill web access or browser automation capabilities that are not otherwise described in the install metadata.
The metadata references dependencies, including network and browser automation libraries, even though the registry/install section declares no install spec or required binaries.
"requirements": ["pandas", "requests", "selenium"]
Only install dependencies from trusted sources and confirm why requests or selenium are needed before using the skill for automated data collection.
Without clear user limits, monitoring or alerting tasks could continue longer or cover more products or stores than intended.
The skill advertises ongoing monitoring, automatic reporting, and price alerts. These are aligned with ecommerce tracking, but they imply activity that should be explicitly scoped by the user.
- 实时监控 - 自动报告 - 价格预警
Specify product or store IDs, platforms, time range, report frequency, notification target, and stop conditions whenever using monitoring or alert features.