Skillv1.0.0

ClawScan security

Solo Ecommerce Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 26, 2026, 11:17 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill generally matches its ecommerce automation description, but there are multiple coherence issues (data-path mismatches, undeclared runtime requirements like Chrome remote debugging/xbrowser, and unclear handling of platform credentials) that warrant caution before installing.
Guidance: What to consider before installing: - Data directory inconsistency: SKILL.md and many scripts expect ~/.qclaw/solo-ecommerce-data, but other scripts (init_agent.py, daily_report.py) use ~/solo-ecommerce-data and metadata.json lists data_dir as "solo-ecommerce-data". This will cause duplicate/missing data files and confusion — ask the author which path is canonical and verify where config.json and logs will actually be written. - Browser automation & Chrome remote debugging: The skill expects xbrowser automation and instructs running Chrome with --remote-debugging-port=9222. That gives the automation access to logged-in web sessions; if that debugging port is exposed on the network it can be abused. Only run remote debugging on a local, firewalled host and understand the risk to your browser sessions. - Credentials handling: Platform API keys (AppKey/AppSecret) and any cookies/session tokens are sensitive. The skill does not declare required env vars or a secure credential storage method. Decide where keys will be stored (and restrict file permissions), and prefer API-based integration with scoped credentials instead of storing full account login sessions if possible. - Stubbed implementations: Many scripts are placeholders with TODOs for real API calls and automation. Review any added automation code carefully (especially any code that will execute arbitrary scripts, upload files, or interact with third-party endpoints) before enabling auto-publish/auto-ship features. - Cron and automation cadence: The SKILL.md recommends high-frequency cron tasks (every 5 minutes, hourly). Start with disabled automation and trial runs to confirm behavior; enable only modules you trust and keep 'publish'/'ship' controls set to require manual review until you confirm correctness. - If you need to proceed: run the agent in an isolated account or environment first, verify which data_dir is used, inspect config.json for how credentials are stored, and do not expose Chrome remote debugging to the network. Ask the publisher to fix the data-dir inconsistency and to document exactly how to supply and protect platform credentials.

Review Dimensions

Purpose & Capability: noteName, description, SKILL.md and the included scripts align: the package is an ecommerce automation agent that uses browser automation or platform APIs. Metadata declares a dependency on an xbrowser/browser automation skill which is coherent for the stated purpose. However there are inconsistent data-dir expectations across files and metadata (see details), and SKILL.md/README ask the user to enable Chrome remote debugging (--remote-debugging-port=9222) but the registry metadata did not list Chrome or that setting as a required runtime precondition.
Instruction Scope: noteSKILL.md instructs the agent to set up cron jobs, keep browser sessions logged-in, and use browser automation (xbrowser) to operate seller backends. The included scripts are mostly local-file I/O stubs (they contain TODOs where real platform API calls or automated actions should be). There are no instructions to read unrelated system files or environment secrets, but the reliance on browser automation + preserved login sessions means the agent could perform account actions if configured — this is expected for the purpose but sensitive. SKILL.md also expects editing ~/.qclaw/solo-ecommerce-data/config.json, which is coherent, but not all scripts read the same path (see concern).
Install Mechanism: okNo install spec included (instruction-only with packaged scripts). This is low-risk from install-download perspective — nothing arbitrary is downloaded or extracted by the skill itself.
Credentials: noteThe skill declares no required env vars or primary credential, yet SKILL.md and README discuss optional API keys (AppKey/AppSecret) and require browser automation and Chrome remote debugging. There is no clear guidance where API keys should be stored (env vs config file). This omission is not necessarily malicious, but it is a gap: platform credentials will be needed for API-based integration and are sensitive. The skill asks the user to maintain logged-in browser sessions (sensitive) and to open Chrome with remote debugging enabled (exposes a remote debugging interface if misconfigured).
Persistence & Privilege: okThe skill is not force-included (always:false) and is user-invocable. It creates and writes files under the user's home directory data directory (normal for this type of tool). It does not request to modify other skills or global agent settings. Cron tasks are user-installed per SKILL.md (the skill does not autonomously register system-wide cron jobs).