Cart Abandonment Analyzer
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you let an agent implement the sequence directly, it could affect customers through email, SMS, push notifications, or discounts.
This is the skill's stated purpose, but if paired with marketing-platform tools it could result in customer-facing messages, incentives, or discount workflows.
Build a multi-touch recovery sequence with channel selection (email, SMS, push), timing cadence, and content strategy for each touch.
Require explicit approval before sending campaigns, creating discount codes, or changing live marketing automations.
Reports or prompts may contain customer identifiers, cart contents, and behavior data if the user provides them.
The skill expects granular customer/cart behavior data for analysis and segmentation, which is purpose-aligned but sensitive.
Cart abandonment events tracked with timestamp, products, cart value, and user ID
Use only the minimum data needed, anonymize where possible, avoid unnecessary PII, and keep retention/access controls aligned with privacy obligations.
If an installer or runtime asks for wallet, purchase, or sensitive-credential access, that would be more authority than the visible docs justify.
These capability signals are broader than the visible instruction-only artifacts and the metadata showing no required credentials, but no code or workflow demonstrates use of those powers.
requires-wallet; can-make-purchases; requires-sensitive-credentials
Do not grant unrelated wallet, purchase, or credential permissions unless future artifacts clearly explain why they are necessary.