ClawHub

Ecwid Ecommerce

v1.0.2

Ecwid REST API v3 integration for managing e-commerce store data including products, orders, customers, categories, discount coupons, promotions, abandoned c...

0· 43·0 current·0 all-time
by@droneitgroup
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested artifacts: the skill is an Ecwid API integration and only asks for ECWID_STORE_ID and ECWID_SECRET_TOKEN, which are exactly what's needed to call the Ecwid REST API.
Instruction Scope
SKILL.md contains only API usage patterns, endpoints, parameters, and authentication instructions for Ecwid. It does not instruct reading local files, other environment variables, or sending data to third-party endpoints outside Ecwid.
Install Mechanism
No install spec and no code files — instruction-only skills have low disk/write risk. The skill relies on HTTP calls (curl or direct API) which is expected.
Credentials
Only two env vars are required (store ID and secret token) and the primary credential is the Ecwid secret token — this is proportional to the stated purpose. The README even recommends using minimal scopes for read-only needs.
Persistence & Privilege
Skill does not request always:true and is user-invocable only. There is no evidence it modifies other skills or system-wide settings.
Assessment
This skill appears coherent and low-risk for its purpose, but treat the ECWID_SECRET_TOKEN as sensitive: only provide tokens with the minimum scopes needed (prefer read-only tokens for read tasks), test against a sandbox store first, don't paste or share full admin tokens, rotate tokens if you suspect exposure, and confirm the publisher (the SKILL.md points to https://github.com/droneitgroup). Because this is instruction-only, there's no installed code to inspect — the main risk is accidental use of an overly-permissive token or network calls using your token, so review what token you supply before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9782dqf8et15q6b1kvsysxntx840rxx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛒 Clawdis
EnvECWID_STORE_ID, ECWID_SECRET_TOKEN
Primary envECWID_SECRET_TOKEN

Comments