Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, description, and runtime instructions describe an agent commerce layer (search, negotiate, order). The skill declares no unrelated env vars, binaries, or config paths — nothing requested is disproportionate to a commerce connector.
Instruction Scope
SKILL.md is high-level prose only (no commands or file operations). It does not instruct the agent to read system files or other credentials, but it is vague about how integrations will be done and when/what credentials will be used.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes on-disk risk; there are no downloads or package installs to review.
Credentials
The doc says "Set up API credentials in environment variables as needed," but does not list or require any specific secrets. Requesting platform API credentials is expected for commerce functions, but the lack of explicit env var names means the exact credential scope is undefined.
Persistence & Privilege
Skill is not marked always:true and has default invocation settings. It does not request persistent system-wide configuration or permissions in the manifest.
Assessment
This skill appears internally consistent but is very high-level. Before installing or enabling it: (1) ask the author for concrete integration details and a list of exact environment variables the skill will require; (2) only provide scoped API keys (limited permissions) for marketplaces and payment providers, and prefer sandbox/test credentials during evaluation; (3) avoid supplying full payment-card or bank credentials unless you can inspect the code or trust the integration; (4) monitor activity and revoke credentials if unexpected purchases occur; and (5) consider requesting a code-backed release (not just SKILL.md) so you can review network endpoints and exact behavior if you plan to allow autonomous purchasing in the future.Like a lobster shell, security has layers — review code before you run it.
latestvk975ftf107a44qf9gjqx3yjbvs83y733
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛒 Clawdis