Mercadolibre Return Guide
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a Mercado Libre return-management guide, but it requests broad Bash access that is not explained or needed for the guide.
Review this skill before installing because it asks for Bash access despite being a written return-management guide. If you use it, provide only the minimum order or dispute details needed, never share Mercado Libre passwords, and verify any refund, dispute, or authorization-code action in the official Mercado Libre seller interface.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent may have local command-execution capability that is not clearly related to managing Mercado Libre returns.
The skill grants broad shell-tool access, but the artifact is otherwise an instruction-only Mercado Libre return guide and does not document any scoped or necessary Bash commands.
allowed-tools: Bash
Remove Bash from allowed tools unless specific, safe, user-approved shell commands are necessary and clearly documented.
Incorrectly sharing codes or following return/refund guidance without verification could affect seller operations or customer refunds.
The skill guides actions involving a Mercado Libre seller account and return authorization codes. This is purpose-aligned, but these account workflows can affect returns, refunds, and warehouse handling.
a. Login to ML seller account ... d. Download or copy the return authorization code ... e. Share code with your local warehouse team
Use only the official Mercado Libre interface, avoid sharing credentials, and confirm authorization-code and refund actions before acting.