B2A
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only business strategy guide with no code or requested permissions, though it discusses autonomous purchasing, incentives, and tracking that should be implemented with user consent and limits.
This skill appears safe to install as a documentation-only guide. If you use its advice to build agent-commerce systems, add explicit user consent, spending limits, scoped credentials, privacy controls, incentive disclosures, audit logs, and easy opt-out or vendor-switching options.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows this guidance carelessly, an agent could be given authority to spend money or create orders beyond what the user intended.
The skill advises delegated agent spending and payment flows. This is coherent with B2A commerce, but delegated purchase authority is high-impact if implemented without strict authorization.
The agent needs to transact autonomously: ... Pre-authorized budgets (agent has $X to spend)
Use explicit opt-in, least-privilege scopes, spending caps, per-transaction approvals where appropriate, and audit logs.
Autonomous purchasing workflows and lock-in strategies can make users less aware of purchases, alternatives, or incentives influencing an agent.
The guidance discusses reducing human decision points and increasing switching costs. This is disclosed and aligned with the sales strategy topic, but it can undermine user trust if implemented opaquely.
agent reorders without human involvement ... Lock-In Through Integration ... Data dependencies (history, preferences stored with you)
Keep autonomous purchases transparent, disclose incentives and default-vendor status, provide easy opt-out, and allow users to review or change vendors.
Systems built from this advice may collect user and agent identifiers, behavioral analytics, purchase context, or preferences.
The skill recommends tracking identifiers and decision metadata for agent-mediated commerce. This is expected analytics guidance for the stated purpose, but it involves privacy-sensitive persistent data if implemented.
Required Tracking ... agent_id ... user_id ... comparison_set ... decision_time_ms
Minimize collected data, document retention, protect identifiers, obtain appropriate consent, and avoid reusing stored context in ways users would not expect.