ClawHub
Back to skill
v1.0.0

Retail Knowledge

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:03 AM.

Analysis

This is a coherent retail knowledge-base Q&A skill, with notable but purpose-aligned handling of local KB files, session context, query logging, and a membership example that may request a phone number.

GuidanceThis skill appears safe for normal retail knowledge-base Q&A. Before installing, confirm which knowledge-base file it should read, avoid storing unnecessary customer personal data in that KB, and make sure any phone-number-based membership lookup or query logging follows your store’s privacy rules.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
scripts/kb_search.py
parser.add_argument("--kb", required=True, help="Path to knowledge_base.json") ... kb = json.loads(kb_path.read_text(encoding="utf-8"))

The helper reads a caller-specified local JSON file and outputs matching entries. This is central to local KB search, but the file path should be limited to the intended retail knowledge base.

User impactIf the helper is pointed at the wrong JSON file, it could reveal entries from that file in the answer context.
RecommendationUse only the configured retail knowledge-base file and avoid placing private customer or staff records in that KB unless the deployment has appropriate access controls.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceMediumStatusNote
references/answer-style-guide.md
回复本消息您的手机号,我帮您查

A membership-points example suggests asking the customer to reply with a phone number so the agent can check the balance. That is plausible for retail service, but it involves a personal identifier and account-style lookup that is not otherwise described by credentials or backend configuration.

User impactCustomers could be asked to share a phone number in chat for membership-related help.
RecommendationOnly ask for phone numbers when the store has authorized that workflow, explain why it is needed, and prefer self-service or staff handoff if no secure membership lookup integration is configured.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Maintain context across turns within a session ... Log the query internally for Step 12 gap digest

The skill directs the agent to remember session context and internally log unanswered queries. This is purpose-aligned for better Q&A, but it creates retained conversation data that should be scoped.

User impactCustomer or staff questions, preferences, or unresolved issues may be retained for later review.
RecommendationDocument where logs are stored, how long they are kept, and avoid logging sensitive personal data unless explicitly approved.