Shopify Ai Customer Service
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to generate a Shopify AI customer-service setup guide and does not show evidence of credential access, destructive actions, or data exfiltration.
This looks like a low-risk guide-generation skill. Before using it, be aware that it runs a local OpenClaw agent command and may store the niche or URL you provide in a local session; do not include secrets, customer records, API keys, or other confidential Shopify data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run a local OpenClaw agent command to generate the customer-service setup guide.
The script uses Bash to invoke a local OpenClaw agent. This is aligned with the skill's purpose of generating a guided strategy, and the artifacts do not show destructive shell commands, downloads, or privileged operations.
openclaw agent --local --message "${PROMPT}" --session "${SESSION_ID}"Use it only if you are comfortable with a local agent invocation, and keep any further tool permissions scoped to the guide-generation task.
Store details entered into the skill could be retained in a local session context.
The script assigns a session name and sends the generated prompt to that session, so the provided store niche or URL may be associated with a local session record.
SESSION_ID="shopify-ai-cs-$(date +%s)"
Avoid entering private customer data, access tokens, or confidential store information unless you understand how local OpenClaw sessions are stored and cleared.