Wishfinity +W

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill means trusting the referenced npm package to run as an MCP server in the OpenClaw environment.

Why it was flagged

The setup runs an external npm MCP server package without a version pin. This is expected for the integration, but the executable package itself is not included in the provided artifacts.

Skill content

"command": "npx", "args": ["-y", "wishfinity-mcp-plusw"]

Recommendation

Verify the npm/GitHub package publisher and consider pinning a known version before adding it to your MCP configuration.

What this means

Wishfinity may receive and store product links that reflect what the user is shopping for or considering.

Why it was flagged

The skill sends product URLs through an MCP integration to Wishfinity so the user can save them. This data flow is disclosed and purpose-aligned, but product URLs can reveal shopping interests.

Skill content

Agent calls `add_to_wishlist` with the product URL, then presents the action link as a button.

Recommendation

Use this only for product links you are comfortable saving with Wishfinity, and review Wishfinity account sharing and privacy settings.