Php Point Of Sale
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad request could create or alter sales, purchase, payment, or inventory-related records if the connected account permits it.
This indicates the skill may be able to perform purchase-like or transaction-changing POS actions. That is coherent with a point-of-sale integration, but higher impact than read-only data access.
Capability signals: can-make-purchases
Use explicit instructions and review/confirm sales, payment, inventory, and purchase-changing operations before allowing them to be submitted.
The agent may act with the privileges of the connected Membrane/PHP Point of Sale account, including access to business and transaction data.
The skill appears to require OAuth or sensitive account access even though the formal credential fields are not populated. This may be normal Membrane-managed auth, but users should verify what scopes the connected account grants.
Primary credential: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials
Connect only a least-privileged account or token, check OAuth scopes, and revoke access when the integration is no longer needed.