Wishlist
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward local wishlist skill with disclosed file storage and price-checking behavior, and no evidence of hidden code, credentials, exfiltration, or destructive actions.
This appears safe to use if you are comfortable storing wishlist and purchase-history details in ~/wishlist/. Review what gets saved, avoid adding sensitive payment or account information, and confirm any buying decision yourself.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may result in external price searches and edits to wishlist files, but the artifacts do not show automatic purchasing or unrelated actions.
The skill instructs the agent to search external stores and update local wishlist records. This is central to the price-tracking purpose, but it is still tool-mediated activity users should expect.
When checking prices: - Search current prices across configured stores - Compare to target and history - Surface significant drops - Update last checked date
Review configured stores and links, and keep purchase decisions user-confirmed rather than automatic.
The local workspace may reveal personal shopping interests, budgets, and purchase history to anyone or any agent process with access to those files.
The skill stores persistent local records for wishlist items, priorities, price targets, alerts, and purchases so they can influence future recommendations.
Create `~/wishlist/` as workspace
Keep the wishlist folder private, avoid storing payment details or highly sensitive notes, and periodically review or delete outdated entries.