Entrepreneur PM Framework
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only PM framework is coherent for agent management, but it points agents to a Shopify admin token and live store-update workflows, so it needs careful review before use.
Treat this as a Review item rather than malware. It has no code or installer, but only install it in an environment where you trust the agent to see Leevar-specific operational details and potentially use Shopify admin credentials. Before use, require explicit approval for Shopify mutations, limit token permissions, monitor spawned subagents, and periodically audit /workspace/memory and any skill updates.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could access a Shopify admin token and make privileged store changes if the token exists in the environment.
The skill tells agents where to find a local Shopify admin credential and which Admin API endpoint to use. Its declared requirements list no primary credential or environment variables, so this high-impact account authority is under-declared and not tightly scoped.
GraphQL: `https://nsb9ct-sc.myshopify.com/admin/api/2024-01/graphql.json` ... Token: SHOPIFY_ADMIN_TOKEN in `/home/minimax/.openclaw/secrets/.env`
Declare the Shopify credential requirement, use a least-privilege token, restrict allowed API actions, and require explicit user confirmation before any admin mutation.
Product pages or variants could be changed on the live store without the user reviewing the exact change first.
The example workflow encourages direct live Shopify mutation rather than a preview, diff, or approval gate. Product-page changes are business-impacting even when they are purpose-aligned.
Update body_html via a Shopify REST API PUT ... Output requirements: - Update Shopify directly; there is no need to generate a file first
Default to dry-run or draft output, show a diff of intended changes, and ask for explicit approval before updating Shopify data.
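The two Shopify findings above (under-declared admin authority, and live mutation without a preview) share one fix: an allow-list of admin actions, a scope check on the token, and a diff-then-approve gate that defaults to dry-run. The following Python is an added example written for this review, not code from the skill or from ClawScan. It assumes a constructed in-memory stand-in for the Admin REST API so it runs offline; the action allow-list and scope mapping are assumed policy, and only the `2024-01` API version is taken from the endpoint quoted in the finding.

```python
"""Approval-gated Shopify product update: check token scope, render a diff of the intended
change, and mutate the live store only after explicit approval (dry-run by default)."""
import difflib
import json
from dataclasses import dataclass, field
from typing import Callable, Optional

API_VERSION = "2024-01"  # from the GraphQL endpoint quoted in the finding
# Assumed policy: the only admin action this skill may perform, and the scope it needs.
ALLOWED_ACTIONS = {"product.update_body_html"}
REQUIRED_SCOPES = {"product.update_body_html": {"write_products"}}


def excess_scopes(granted: set, needed: set) -> set:
    """Scopes the token carries beyond what the allowed actions need (least-privilege check)."""
    return set(granted) - set(needed)


@dataclass
class FakeShopifyAdmin:
    """Constructed offline stand-in for the Admin REST API; records every write it receives."""
    products: dict
    granted_scopes: set = field(default_factory=lambda: {"write_products"})
    writes: list = field(default_factory=list)

    def get_product(self, product_id: int) -> dict:
        return json.loads(json.dumps(self.products[product_id]))  # copy, like a fresh GET

    def put_product(self, product_id: int, payload: dict) -> dict:
        path = f"/admin/api/{API_VERSION}/products/{product_id}.json"
        self.writes.append(("PUT", path, payload))
        self.products[product_id].update(payload["product"])
        return self.get_product(product_id)


def authorize(api, action: str) -> Optional[str]:
    """Return None if the action is allowed for this token, otherwise the reason it is not."""
    if action not in ALLOWED_ACTIONS:
        return f"{action} is not on the skill's action allow-list"
    missing = REQUIRED_SCOPES[action] - set(api.granted_scopes)
    if missing:
        return f"token lacks scopes: {sorted(missing)}"
    return None


def render_diff(before: str, after: str, label: str) -> str:
    """Unified diff of the live value against the proposed one; empty when nothing changes."""
    return "\n".join(difflib.unified_diff(
        before.splitlines(), after.splitlines(),
        fromfile=f"{label} (live)", tofile=f"{label} (proposed)", lineterm=""))


def update_body_html(api, product_id: int, new_html: str,
                     approve: Callable[[str], bool], dry_run: bool = True) -> dict:
    """Describe, and only when dry_run=False and the approver accepts the diff, apply a
    body_html change. The live store is untouched on every path except 'applied'."""
    action = "product.update_body_html"
    reason = authorize(api, action)
    if reason:
        return {"status": "blocked", "diff": "", "reason": reason}
    live = api.get_product(product_id)
    diff = render_diff(live.get("body_html", ""), new_html, f"product {product_id} body_html")
    if not diff:
        return {"status": "noop", "diff": ""}
    if dry_run:
        return {"status": "dry_run", "diff": diff}
    if not approve(diff):          # the human sees exactly what would change
        return {"status": "rejected", "diff": diff}
    api.put_product(product_id, {"product": {"id": product_id, "body_html": new_html}})
    return {"status": "applied", "diff": diff}
```

The `approve` callback is where the skill would surface the diff to the user; wiring it to anything that auto-returns `True` defeats the gate, which is why `dry_run` defaults to `True` and the approver has no default.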
Subagents may keep working for a long time or act with broad inherited permissions if a task package is too vague.
The skill intentionally orchestrates long-running and parallel subagents with inherited permissions. This fits the team-management purpose and includes a suggested parallelism limit, but users should monitor it.
`sessions_spawn subagent` | `inherits from the main Agent` ... `large task` | `30 minutes to 2 hours` | `sessions_spawn + automatic report` ... `extra-large task` | `>2 hours` | `split → multiple subagents in parallel`
Set clear task boundaries, timeouts, maximum parallelism, and required human approval for any high-impact action performed by spawned agents.
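The subagent recommendation translates directly into orchestration code: each task package carries a hard timeout, a semaphore caps how many subagents run at once, and a package flagged high-impact is not spawned at all without approval. This is an added example for this review, not the skill's own `sessions_spawn` logic; the subagents are constructed coroutines that only sleep, and `LoadTracker` is instrumentation added to make the parallelism cap observable.

```python
"""Bounded subagent orchestration: per-task timeouts, capped parallelism, and an approval
gate that keeps high-impact packages from starting without a human saying yes."""
import asyncio
from dataclasses import dataclass
from typing import Awaitable, Callable, Optional


@dataclass(frozen=True)
class TaskPackage:
    name: str
    timeout_s: float                    # hard wall-clock bound for this subagent
    high_impact: bool                   # e.g. would mutate the live store
    work: Callable[[], Awaitable[str]]  # the subagent's job, as a coroutine factory


@dataclass
class Outcome:
    name: str
    status: str                         # done | timeout | denied | error
    detail: Optional[str] = None


async def run_package(pkg: TaskPackage, slots: asyncio.Semaphore,
                      approve: Callable[[str], bool]) -> Outcome:
    if pkg.high_impact and not approve(pkg.name):
        return Outcome(pkg.name, "denied")          # never spawned at all
    async with slots:                               # enforce max parallelism
        try:
            detail = await asyncio.wait_for(pkg.work(), timeout=pkg.timeout_s)
        except asyncio.TimeoutError:
            return Outcome(pkg.name, "timeout")     # wait_for cancels the subagent
        except Exception as exc:                    # report the failure, don't crash the team
            return Outcome(pkg.name, "error", repr(exc))
    return Outcome(pkg.name, "done", detail)


async def orchestrate(packages, max_parallel: int, approve) -> list:
    slots = asyncio.Semaphore(max_parallel)
    return list(await asyncio.gather(*(run_package(p, slots, approve) for p in packages)))


def orchestrate_sync(packages, max_parallel: int = 3, approve=lambda name: False) -> list:
    """Default approver denies every high-impact package: approval must be opted into."""
    return asyncio.run(orchestrate(packages, max_parallel, approve))


@dataclass
class LoadTracker:
    """Constructed instrumentation: counts concurrently running fake subagents."""
    active: int = 0
    peak: int = 0


def fake_subagent(tracker: LoadTracker, delay_s: float, label: str) -> Callable[[], Awaitable[str]]:
    """Constructed stand-in for a spawned subagent that works for delay_s seconds."""
    async def job() -> str:
        tracker.active += 1
        tracker.peak = max(tracker.peak, tracker.active)
        try:
            await asyncio.sleep(delay_s)
        finally:
            tracker.active -= 1                     # runs on cancellation too
        return f"{label} report"
    return job
```

The timeout is applied inside the semaphore so a hung subagent releases its slot when it is cancelled; the approval check sits outside it so a denied package never consumes a slot.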
Private task details or incorrect conclusions could be reused in later tasks and influence future agent behavior.
The skill stores task learnings and may update future skill behavior. This is disclosed and purpose-aligned, but persistent memory can retain sensitive details or propagate bad lessons.
Write location: `/workspace/memory/learnings-[YYYY-MM].md` ... `Skill update (rules/references update)` ... `automatically call the correct method next time`
Review learning files regularly, avoid storing secrets or customer data, and require user approval before editing installed skill instructions.
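One way to act on this recommendation is to put a gate in front of the memory write itself: redact secrets and customer PII before a learning is appended to the monthly file, and refuse to rewrite installed skill rules unless a human approves the diff. The code below is an added example for this review, not part of the skill. The `shpat_` token shape is an assumption about Shopify custom-app tokens, the other patterns are illustrative, and the sample strings in the usage are constructed.

```python
"""Gate the skill's persistent memory: redact secrets/PII before writing a learning entry,
and require explicit approval before a learning rewrites installed skill instructions."""
import difflib
import re
from datetime import date
from pathlib import Path
from typing import Callable, Tuple

# Illustrative patterns. The shpat_ + 32 hex shape is an assumption about Shopify tokens.
SECRET_PATTERNS = [
    (re.compile(r"\bshpat_[0-9a-f]{32}\b"), "[REDACTED_SHOPIFY_TOKEN]"),
    (re.compile(r"\b(?P<name>[A-Z][A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*)\s*=\s*\S+"),
     r"\g<name>=[REDACTED]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[REDACTED_EMAIL]"),  # customer PII
]


def redact(text: str) -> Tuple[str, int]:
    """Return the text with secret/PII matches replaced and the number of replacements made."""
    total = 0
    for pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        total += n
    return text, total


def learning_path(memory_dir: Path, day: date) -> Path:
    """Monthly learnings file, matching the learnings-[YYYY-MM].md layout quoted above."""
    return memory_dir / f"learnings-{day:%Y-%m}.md"


def write_learning(memory_dir: Path, entry: str, day: date) -> Tuple[Path, int]:
    """Append a redacted learning entry; returns the file written and the redaction count."""
    clean, n = redact(entry)
    path = learning_path(memory_dir, day)
    path.parent.mkdir(parents=True, exist_ok=True)
    with path.open("a", encoding="utf-8") as fh:
        fh.write(f"\n## {day.isoformat()}\n{clean}\n")
    return path, n


def apply_skill_update(current_rules: str, proposed_rules: str,
                       approve: Callable[[str], bool]) -> Tuple[str, bool]:
    """Replace installed skill rules only when a human approves the diff.
    Returns (rules_to_keep, changed)."""
    if proposed_rules == current_rules:
        return current_rules, False
    diff = "\n".join(difflib.unified_diff(
        current_rules.splitlines(), proposed_rules.splitlines(),
        fromfile="rules (installed)", tofile="rules (proposed by learning)", lineterm=""))
    if approve(diff):
        return proposed_rules, True
    return current_rules, False


if __name__ == "__main__":
    import tempfile  # demo only: write to a scratch directory, not /workspace/memory
    with tempfile.TemporaryDirectory() as tmp:
        path, n = write_learning(Path(tmp),
                                 "Fixed variant sync. Token used: SHOPIFY_ADMIN_TOKEN=shpat_" + "0" * 32,
                                 date(2026, 5, 10))  # constructed entry
        print(path.name, "redactions:", n)
        print(path.read_text(encoding="utf-8"))
```

Redaction runs before the append so the secret never reaches disk, and the approval callback receives the diff of the rules, which is what a reviewer needs in order to judge whether a "lesson" should change future agent behaviour.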
