Ucp Buyer Consent
PassAudited by ClawScan on May 13, 2026.
Overview
This instruction-only skill is coherent for implementing UCP checkout consent and shows no hidden code, credential use, or suspicious behavior.
This appears safe to use as an instruction-only implementation guide. Before installing or invoking it, ensure any generated checkout changes keep consent human-approved, validate live UCP documentation, review external examples, and handle stored consent records with appropriate privacy controls.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may incorporate information from current web pages or sample repositories when helping implement the extension.
The skill directs the agent to rely on live external documentation and GitHub examples. This is coherent with implementing a current protocol spec, but it means generated work may depend on mutable external content.
Fetch `https://ucp.dev/specification/buyer-consent/` ... Web-search `site:github.com Universal-Commerce-Protocol buyer consent`
Use the official UCP specification as the primary source, review any GitHub examples before adopting them, and do not run third-party sample code blindly.
A generated implementation may store users' consent choices and timestamps, which should be protected and retained only as needed.
The skill recommends persistent storage of consent records. This is purpose-aligned for privacy compliance, but consent records can be privacy-relevant user data.
Store consent records with timestamps for audit compliance (your application should track this; the protocol does not include a consent_timestamp field)
Ensure the implementation limits stored consent data, protects access, defines retention/deletion rules, and supports consent withdrawal where required.