Wishfinity +W
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: wishfinity Version: 1.0.0 The skill bundle describes a 'save for later' functionality for products, integrating with the Wishfinity service. The `SKILL.md` provides clear instructions for the user to configure an MCP server using `npx -y wishfinity-mcp-plusw`, which is a standard method for OpenClaw integrations. There is no evidence of prompt injection against the agent, data exfiltration, malicious execution, or other harmful behaviors within the provided files. The instructions for the AI agent are aligned with the stated purpose of saving product URLs.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the referenced npm package to run as an MCP server in the OpenClaw environment.
The setup runs an external npm MCP server package without a version pin. This is expected for the integration, but the executable package itself is not included in the provided artifacts.
"command": "npx", "args": ["-y", "wishfinity-mcp-plusw"]
Verify the npm/GitHub package publisher and consider pinning a known version before adding it to your MCP configuration.
Wishfinity may receive and store product links that reflect what the user is shopping for or considering.
The skill sends product URLs through an MCP integration to Wishfinity so the user can save them. This data flow is disclosed and purpose-aligned, but product URLs can reveal shopping interests.
Agent calls `add_to_wishlist` with the product URL, then presents the action link as a button.
Use this only for product links you are comfortable saving with Wishfinity, and review Wishfinity account sharing and privacy settings.