Clawringhouse - AI Shopping Concierge
ReviewAudited by ClawScan on May 10, 2026.
Overview
This shopping helper is coherent, but it tells agents to proactively use personal context and logged-in Amazon/browser sessions to add items to carts while enforcing affiliate tracking without clear per-action consent.
Install only if you are comfortable with a shopping agent using an external recommendation API and affiliate links. Before letting it act, require it to ask permission before using a logged-in browser or adding anything to a cart, and ask it to disclose or remove affiliate tags if you do not want affiliate tracking.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could add unwanted items to a user's Amazon cart or change a shopping session before the user has asked for or approved that specific action.
The skill instructs proactive browser automation and cart mutation without requiring explicit user approval before the action.
**Don't wait to be asked.** ... Automate user's actual browser ... Add items to their cart
Require explicit user confirmation before opening a logged-in browser, adding any item to a cart, or changing an existing shopping session; default to presenting recommendations first.
A logged-in retail session could be used to change cart state or affiliate cookies, and ambiguity around 'agent's Amazon account' could create account-boundary confusion.
The workflow depends on logged-in browser/account sessions, but does not clearly bound which account may be used, what session access is allowed, or how the user authorizes it.
Priority 1: User's Browser (Logged In) ... Priority 3: Agent's Browser (Logged In) - Use agent's Amazon account
State that only user-approved accounts/sessions may be used, avoid using unrelated agent accounts, and provide a clear permission prompt before accessing logged-in commerce sites.
Private personal details or outdated assumptions may drive recommendations or cart choices.
Using stored memory and calendar context is purpose-aligned for a proactive concierge, but it can rely on private, stale, or incorrect context.
Check your memory/calendar for: Upcoming holidays ... Partner preferences ... Household items running low
Verify sensitive or inferred preferences with the user before acting, especially before sending queries externally or modifying a cart.
Gift ideas, budgets, household needs, or personal preferences included in search queries may be visible to the external service.
The skill sends shopping queries to an external provider; this is core to the feature, but the artifacts do not define retention, logging, or privacy boundaries for those queries.
requests.get("https://clawringhouse.onrender.com/search", params={"q": "romantic Valentine's Day gifts for book lovers under $50"})Disclose that queries are sent to Clawringhouse, avoid unnecessary names or sensitive details, and provide privacy/retention terms for the API.
Users may be steered through affiliate links and tracking cookies even when they only wanted neutral product research or a clean cart link.
The skill strongly prioritizes affiliate attribution and cookie setting in every Amazon link, without requiring clear user opt-in or an untagged option.
**Golden Rule:** ALWAYS include `tag=clawringhouse-20` in every Amazon URL (clicked by agent OR human). ... Attribution guaranteed (user clicks set cookie)
Make affiliate use explicit in user-facing messages, offer an option to remove affiliate tags, and do not set affiliate cookies through browser automation without consent.