E-commerce find skills
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is coherently about finding e-commerce skills, but it tells the agent to use an undeclared marketplace CLI to install or bulk-update local agent skills, which can change future agent behavior without clear provenance or rollback safeguards.
Use this skill only if you trust the LinkFox skill marketplace and the `linkfoxskill` CLI. Before installing or updating anything, ask the agent to show the exact skill slug, version, source, and destination directory, and avoid bulk updates unless you are prepared to review and roll back changed skills.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may allow the agent to install or update code/instructions from a marketplace without clear source verification or reproducibility information.
The SKILL.md relies on a `linkfoxskill` marketplace CLI to install other skills, but the registry information does not declare the binary, installation source, homepage, or provenance controls.
Source: unknown; Homepage: none ... Required binaries: none ... Install specifications: No install spec
Declare the required CLI and its trusted source, document how marketplace results are verified, and advise users to inspect skill details before installation or update.
Running the documented commands can change what the agent can do in future sessions, including bulk-updating already installed skills.
These commands can install new skills or update existing installed skills in the agent environment. Installation requires user confirmation, but the update flow is broad and lacks explicit review, scope, or rollback guidance.
linkfoxskill install slug --workdir workspace ... linkfoxskill update
Require explicit user approval for each install or update, avoid broad `update` unless the user specifically requests it, and show exactly which skills and versions will change before running commands.
Newly installed skills may remain available after the current task and influence later agent behavior.
The skill explicitly installs into the agent's skill directory and asks the user to restart the agent so the new skill persists and loads later.
CLI 会自动检测当前 agent 平台并安装到正确目录 ... 安装完成后提示用户重启 Agent 以加载新技能。
Tell users where the skill was installed, how to review it, and how to remove or roll back it if needed.