ClawHub
Back to skill
v1.0.0

Shopify Ai Customer Service

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:25 AM.

Analysis

The skill appears to generate a Shopify AI customer-service setup guide and does not show evidence of credential access, destructive actions, or data exfiltration.

GuidanceThis looks like a low-risk guide-generation skill. Before using it, be aware that it runs a local OpenClaw agent command and may store the niche or URL you provide in a local session; do not include secrets, customer records, API keys, or other confidential Shopify data.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
analyze.sh
openclaw agent --local --message "${PROMPT}" --session "${SESSION_ID}"

The script uses Bash to invoke a local OpenClaw agent. This is aligned with the skill's purpose of generating a guided strategy, and the artifacts do not show destructive shell commands, downloads, or privileged operations.

User impactUsing the skill may run a local OpenClaw agent command to generate the customer-service setup guide.
RecommendationUse it only if you are comfortable with a local agent invocation, and keep any further tool permissions scoped to the guide-generation task.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityInfoConfidenceMediumStatusNote
analyze.sh
SESSION_ID="shopify-ai-cs-$(date +%s)"

The script assigns a session name and sends the generated prompt to that session, so the provided store niche or URL may be associated with a local session record.

User impactStore details entered into the skill could be retained in a local session context.
RecommendationAvoid entering private customer data, access tokens, or confidential store information unless you understand how local OpenClaw sessions are stored and cleared.