ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cart-agent

v0.1.0

Shopping cart optimization

0· 8·0 current·0 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name and description match (cart optimization). However the SKILL.md says "Set up API credentials in environment variables as needed for each supported platform" but the registry metadata lists no required env vars or credentials — an inconsistency. A shopping integration can legitimately need platform API keys, but the skill should declare which ones and why.
!
Instruction Scope
Instructions are high-level and open-ended (web search → product ranking), and say the skill activates on many shopping-related prompts. They do not explicitly restrict what the agent may read or access (e.g., cart contents, accounts) or how it obtains them. That vagueness could lead the agent to request or handle user account credentials or perform actions (the roadmap even mentions future autonomous purchasing).
Install Mechanism
No install spec and no code files are present, so nothing is written to disk or downloaded by the skill itself. This lowers install-time risk.
!
Credentials
No specific environment variables or primary credential are declared, but the text implies multiple platform API credentials may be required. The lack of explicit declarations makes it unclear which secrets the skill will ask for or need, and whether they would be minimally scoped.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide configuration. Autonomous invocation is allowed (platform default), which is expected for skills, but combined with the vague instruction set this increases potential blast radius — worth monitoring but not an immediate flag on its own.
Scan Findings in Context
[no_code_files_for_regex_scan] expected: The repository is instruction-only (SKILL.md). The regex scanner had nothing to analyze; this absence is expected for instruction-only skills but means behavioral details must be judged from the prose.
What to consider before installing
This skill could reasonably be used for cart optimization, but the SKILL.md is vague about which platforms it integrates with, what credentials it will request, and what it is allowed to do on your behalf (e.g., apply coupons, place orders). Before installing or enabling it: 1) Ask the author which e-commerce platforms are supported and exactly which environment variables or account tokens the skill will require; 2) Never provide full account passwords—prefer API keys with minimal scope and revocable tokens; 3) Ask whether the skill will perform purchases autonomously and disable any automatic purchasing capability unless you explicitly authorize it; 4) Request a privacy/security statement describing how credentials are stored and used; 5) If you proceed, monitor the skill's requests and revoke tokens you don't recognize. More explicit declarations from the author (required env vars, example flows, which endpoints are called) would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfvj9fm8gk5xp8kj9bcjrg18414aa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛒 Clawdis

SKILL.md

🛒 Cart Agent

Shopping cart optimization

What It Does

Optimizes your shopping cart across platforms. Finds better prices for items already in your cart, suggests bundle deals, applies available coupons automatically, and calculates total savings. Helps avoid impulse buys by analyzing cart contents against your stated needs.

Usage

When the user mentions buying, purchasing, shopping, or looking for product deals, this skill activates to help find the best options.

Example Prompts

  • "Find me the best deal on [product]"
  • "Compare prices for [product] across platforms"
  • "Is there a coupon for [product]?"
  • "Help me buy [product] under [budget]"

Configuration

Set up API credentials in environment variables as needed for each supported platform.

Architecture

User Request → Intent Parser → Product Search API → Result Ranker → Recommendation Display

Roadmap

  • v0.1: Basic product search via web search
  • v0.2: Platform API integration
  • v0.3: Price tracking and alerts
  • v1.0: Full autonomous purchasing flow

Author

Created by hanxueyuan as part of the Agent Commerce initiative. License: MIT

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…