Product Research

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its product-research purpose, but its setup asks for unpinned installs and a blanket update of all ClawHub skills, which can change unrelated agent tools.

Review the setup commands before running them. Avoid the blanket `update --all` unless you want every installed ClawHub skill updated, and confirm any WooCommerce or Shopify draft action before allowing the agent to create content in a connected store.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing this skill as written could update other tools you have installed, potentially changing how unrelated skills behave.

Why it was flagged

The setup uses latest-version package/skill installs and then updates all installed ClawHub skills, not just this skill’s named dependencies. That is overbroad for a product-research skill and can change unrelated agent behavior.

Skill content

`npx -y clawhub@latest install tavily-search` ... `npx -y clawhub@latest update --all`

Recommendation

Install only the required named dependencies, avoid `update --all` unless you intend to update every skill, and prefer pinned or reviewed versions where possible.

What this means

The agent may create drafts in your WooCommerce store if the required gateway connection is available.

Why it was flagged

Creating a product draft is purpose-aligned and disclosed, but it is still a mutation in a connected e-commerce account.

Skill content

WooCommerce path: create product draft via api-gateway `woocommerce` endpoints.

Recommendation

Require a final confirmation before any store draft is created, and review draft titles, descriptions, prices, images, and publication status before using them.

What this means

The skill can use your connected service accounts to search, analyze, and potentially create e-commerce drafts.

Why it was flagged

The skill clearly discloses its need for API keys and OAuth-backed app connections. These are expected for the workflow, but they grant access to external services and connected store/marketplace accounts.

Skill content

Required Credentials: `TAVILY_API_KEY`, `GOOGLE_PLACES_API_KEY`, `MATON_API_KEY` ... requires active per-app OAuth connections (`ctrl.maton.ai`)

Recommendation

Use least-privilege API keys and OAuth connections, revoke connections you no longer need, and verify which apps are connected in the gateway before running deployment steps.

What this means

Product research data and store-draft actions may be sent through the API gateway and onward to connected services.

Why it was flagged

The workflow routes store and marketplace operations through a gateway with connected OAuth apps. This is disclosed and purpose-aligned, but users should understand that product data and commands pass through that provider flow.

Skill content
`api-gateway` ... marketplace/analytics connectors if available in user account, WooCommerce product draft creation ... active per-app OAuth connections (`ctrl.maton.ai`)
Recommendation

Review the gateway provider’s connected apps and permissions, and avoid sending confidential product plans unless you are comfortable with that routing.