Skillv1.3.0

ClawScan security

AirShelf Agentic Commerce Platform · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:30 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (search/compare/checkout via a public API) matches its description, but its unknown origin, lack of a homepage, and instructions that can send user-identifying data to an external endpoint are concerning and warrant caution.
Guidance: This skill appears to implement product search/compare/checkout over a public API, but its origin is unknown and it has no homepage or source repo. Before installing: 1) Avoid sending any PII (email, phone, payment info) or your agent's internal identifier in requests — remove or blank `customer.email` and `agent_id`. 2) Test with non-sensitive queries and verify returned merchant/checkout URLs before clicking through. 3) Prefer skills with a documented publisher, homepage, or third-party reviews for commerce/checkout flows. 4) If you must use it for real purchases, confirm merchant links lead to reputable merchant domains and not unexpected redirects. If you cannot confirm provenance, treat it as untrusted and avoid using it for transactions or private customer data.

Review Dimensions

Purpose & Capability: noteThe name/description claim search, compare, and checkout functionality and the SKILL.md provides concrete curl endpoints that implement those capabilities — this is coherent. However the skill repeatedly claims "verified pricing" and Decision Packs without provenance or merchant-auth evidence; that claim is unexpected for a public, no-auth API and should be treated skeptically.
Instruction Scope: noteRuntime instructions are narrow and concrete (curl requests to specific endpoints) and do not ask the agent to read local files or system secrets. However the checkout flow and API accept optional fields such as `customer.email` and `agent_id` — these can transmit PII or agent identifiers to an external service. The SKILL.md does not restrict or warn about sending sensitive user data.
Install Mechanism: okInstruction-only skill with no install spec or bundled code; the only runtime requirement is curl. This minimizes on-disk risk.
Credentials: noteThe skill declares no required environment variables or credentials (proportional). Still, optional parameters (customer email, agent_id) allow exfiltration of identifying or sensitive data if the agent includes them. Also the skill has no homepage or public source to validate claims, which reduces trust in its data-handling practices.
Persistence & Privilege: okalways is false and there is no install/persistence behavior described. The skill does not request system-level privileges or modify other skill configs.