ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Store Management

v0.2.0

Manage a Mobazha store using MCP tools — products, orders, messages, and settings. Requires an active MCP connection (see store-mcp-connect).

0· 118·0 current·0 all-time
by@fengzie

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fengzie/mobazha-store-management.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Store Management" (fengzie/mobazha-store-management) from ClawHub.
Skill page: https://clawhub.ai/fengzie/mobazha-store-management
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mobazha-store-management

ClawHub CLI

Package manager switcher

npx clawhub@latest install mobazha-store-management
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the SKILL.md are coherent: all tools and workflows (listings, orders, chat, discounts, collections, profile, settings, notifications) are consistent with managing a Mobazha store via MCP. However, the registry metadata lists no primary credential while SKILL.md declares requires_credentials: true and lists an MCP session token — this mismatch is unexpected and should be clarified.
Instruction Scope
Runtime instructions stay within store-management functionality (listing creation/update/delete, order lifecycle, messaging, discounts, collections, profile, settings). A caution: the 'Add Product' workflow accepts product images or URLs to download; downloading arbitrary URLs is an action that reaches outside the platform and should be explicitly authorized and validated. The instructions do not ask the agent to read local files, unrelated env vars, or other system config.
Install Mechanism
No install spec and no code files — this is instruction-only and does not write code to disk or pull external binaries. That minimizes supply-chain risk.
!
Credentials
SKILL.md requires an MCP session token (credential_types: MCP session token via store-mcp-connect), which is appropriate for a store-management skill. But the published registry metadata shows no primary credential and no required env vars — a clear inconsistency. Also, although no other secrets are requested, the skill's ability to perform actions (confirm/complete/refund orders, release escrow) means the MCP credential grants substantial control and should be treated as sensitive.
Persistence & Privilege
The skill is not forced-always, and model invocation is allowed (platform default). It does not request persistent system-wide configuration or elevated privileges. No additional persistence concerns observed.
What to consider before installing
This skill appears to do what it says (manage a Mobazha store), but the package metadata omitted the declared MCP credential that SKILL.md requires — confirm with the publisher why the registry doesn't list the MCP credential. Before installing: (1) verify the skill's publisher and inspect the related store-mcp-connect skill to ensure session token handling is safe, (2) avoid providing long-lived or high-privilege MCP credentials until you trust the skill, (3) be cautious about allowing the agent to download images from arbitrary URLs (malicious content or exfiltration risk), and (4) run initial tests with a limited/test seller account and monitor actions (order changes, refunds, fund releases) rather than your production store.

Like a lobster shell, security has layers — review code before you run it.

latestvk973675ttzp5kdqm5vr681wh6h85bapg
118downloads
0stars
2versions
Updated 6d ago
v0.2.0
MIT-0
@fengzie
latest
Download

Store Management via AI

This skill teaches AI agents how to manage a Mobazha store using MCP tools. It requires a working MCP connection — see store-mcp-connect skill first.

Product Management

List All Products

Tool: listings_list_mine
Parameters: (none)

Returns all listings owned by the authenticated seller, including title, price, stock, status.

Get Product Details

Tool: listings_get
Parameters:
  slug_or_cid: "my-product-slug"   (required)

Create a Product

First, get the listing template to see all available fields:

Tool: listings_get_template
Parameters: (none)

Then create the listing:

Tool: listings_create
Parameters:
  listing_json: '{"title":"...", "description":"...", "price":29.99, ...}'   (required)

The listing_json should include at minimum: title, description, price, priceCurrency, quantity, condition, listingType.

Update a Product

Tool: listings_update
Parameters:
  listing_json: '{"slug":"existing-slug", "title":"Updated Title", ...}'   (required)

Include the slug to identify which listing to update.

Delete a Product

Tool: listings_delete
Parameters:
  slug: "my-product-slug"   (required)

Typical "Add Product" Workflow

When a seller says "add a product," follow this sequence:

  1. Ask for: product name, description, price, currency, stock quantity
  2. Ask for product images (or accept URLs to download)
  3. Call listings_get_template to get the full schema
  4. Fill in the template with provided values
  5. Call listings_create with the JSON
  6. Confirm success and share the listing URL

Order Management

View Sales (Seller Perspective)

Tool: orders_get_sales
Parameters:
  limit: "20"    (optional, default varies)
  offset: "0"    (optional)

View Purchases (Buyer Perspective)

Tool: orders_get_purchases
Parameters:
  limit: "20"    (optional)
  offset: "0"    (optional)

Get Order Details

Tool: orders_get_detail
Parameters:
  order_id: "QmXyz..."   (required)

Order Lifecycle Actions

ActionToolWhen to Use
Confirmorders_confirmAccept an incoming order
Declineorders_declineReject an order
Fulfillorders_fulfillMark as shipped, add tracking
Completeorders_completeRelease escrow funds
Refundorders_refundIssue a refund
Cancelorders_cancelCancel as buyer

Fulfill with tracking info:

Tool: orders_fulfill
Parameters:
  order_id: "QmXyz..."            (required)
  shipper: "FedEx"                (optional)
  tracking_number: "123456789"    (optional)
  note: "Shipped via express"     (optional)

Typical "Process New Orders" Workflow

When a seller says "check my orders":

  1. Call orders_get_sales to list recent orders
  2. Summarize: how many new/pending, total revenue
  3. For each pending order, ask if the seller wants to confirm or decline
  4. After confirming, ask if they have tracking info to fulfill

Buyer Communication

List Conversations

Tool: chat_get_conversations
Parameters: (none)

Read Messages

Tool: chat_get_messages
Parameters:
  room_id: "!abc:matrix.org"    (use room_id or peer_id)
  peer_id: "QmPeerID..."        (alternative to room_id)
  limit: "20"                   (optional)

Send a Message

Tool: chat_send_message
Parameters:
  message: "Thanks for your order!"    (required)
  room_id: "!abc:matrix.org"           (use room_id or peer_id)
  peer_id: "QmPeerID..."              (alternative)
  order_id: "QmOrderID..."            (optional, links message to order)

Typical "Reply to Buyers" Workflow

  1. Call chat_get_conversations to see active chats
  2. For conversations with unread messages, call chat_get_messages
  3. Summarize buyer questions for the seller
  4. Draft replies based on seller's instructions
  5. Send via chat_send_message after seller approval

Discounts and Promotions

List Discounts

Tool: discounts_list
Parameters: (none)

Create a Discount

Tool: discounts_create
Parameters:
  discount_json: '{"title":"Summer Sale", "discountType":"PERCENTAGE", "value":20, ...}'   (required)

Update / Delete

Tool: discounts_update
Parameters:
  discount_id: "abc123"         (required)
  discount_json: '{"value":25}'  (required)

Tool: discounts_delete
Parameters:
  discount_id: "abc123"   (required)

Collections

List Collections

Tool: collections_list
Parameters: (none)

Create a Collection

Tool: collections_create
Parameters:
  collection_json: '{"name":"Best Sellers", "description":"Our top products"}'   (required)

Add Products to Collection

Tool: collections_add_products
Parameters:
  collection_id: "abc123"                              (required)
  products_json: '["product-slug-1","product-slug-2"]'  (required)

Store Profile

View Profile

Tool: profile_get
Parameters: (none)

Update Profile

Tool: profile_update
Parameters:
  profile_json: '{"name":"Updated Store Name", "shortDescription":"New tagline"}'   (required)

Settings

View Storefront Settings

Tool: settings_get_storefront
Parameters: (none)

Returns storefront configuration including accepted currencies, shipping options, return policy, terms of service, and store appearance settings.

Notifications

Check Notifications

Tool: notifications_list
Parameters:
  limit: "10"    (optional)
  offset: "0"    (optional)

Unread Count

Tool: notifications_unread_count
Parameters: (none)

Mark as Read

Tool: notifications_mark_read
Parameters:
  notification_id: "abc123"   (required)

Finance and Rates

Exchange Rates

Tool: exchange_rates_get
Parameters:
  currency: "USD"   (optional, returns all if omitted)

Receiving Addresses (Crypto Wallets)

Tool: wallet_get_receiving_accounts
Parameters: (none)

Returns the external wallet addresses configured for receiving payments.

Fiat Payment Providers

Tool: fiat_get_providers
Parameters: (none)

Tool: fiat_get_provider_config
Parameters:
  provider_id: "stripe"   (required)

Marketplace Search

These tools search the public marketplace, not just your store. Useful for market research.

Search Listings

Tool: search_listings
Parameters:
  query: "vintage watches"    (optional)
  page: "1"                   (optional)
  pageSize: "20"              (optional)
  sortBy: "relevance"         (optional)

Search Seller Profiles

Tool: search_profiles
Parameters:
  query: "electronics"   (optional)
  page: "1"              (optional)
  pageSize: "20"         (optional)

Note: Search tools are only available when the MCP server was started with --search-url configured.

Best Practices for AI Agents

  1. Always confirm before destructive actions — deleting products, declining orders, issuing refunds
  2. Ask for explicit user consent before initiating any MCP connection or executing store operations
  3. Summarize before acting — show the seller what you found before making changes
  4. Batch intelligently — process multiple orders or products in sequence, reporting progress
  5. Use templates — call listings_get_template before creating products to ensure valid JSON
  6. Respect rate limits — space out rapid consecutive calls
  7. Never log or display tokens — MCP credentials must not appear in agent output or logs

Comments

Loading comments...