Cart Abandonment Analyzer
PassAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only cart recovery planning skill with no code or install steps; the main cautions are customer-data handling and permissions if you connect it to marketing or commerce tools.
This skill appears safe to use as a planning/template aid. Before connecting it to Shopify, email/SMS platforms, push tools, or analytics exports, confirm exactly what data and permissions are being shared, and require review before any live customer messages, discounts, or automation changes are made.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you let an agent implement the sequence directly, it could affect customers through email, SMS, push notifications, or discounts.
This is the skill's stated purpose, but if paired with marketing-platform tools it could result in customer-facing messages, incentives, or discount workflows.
Build a multi-touch recovery sequence with channel selection (email, SMS, push), timing cadence, and content strategy for each touch.
Require explicit approval before sending campaigns, creating discount codes, or changing live marketing automations.
Reports or prompts may contain customer identifiers, cart contents, and behavior data if the user provides them.
The skill expects granular customer/cart behavior data for analysis and segmentation, which is purpose-aligned but sensitive.
Cart abandonment events tracked with timestamp, products, cart value, and user ID
Use only the minimum data needed, anonymize where possible, avoid unnecessary PII, and keep retention/access controls aligned with privacy obligations.
If an installer or runtime asks for wallet, purchase, or sensitive-credential access, that would be more authority than the visible docs justify.
These capability signals are broader than the visible instruction-only artifacts and the metadata showing no required credentials, but no code or workflow demonstrates use of those powers.
requires-wallet; can-make-purchases; requires-sensitive-credentials
Do not grant unrelated wallet, purchase, or credential permissions unless future artifacts clearly explain why they are necessary.