ClawHub

Shopify Amazon Shopify

v1.0.0

Plan and execute a migration from Amazon to Shopify DTC or build a dual-channel strategy to reduce platform dependency. Triggers: amazon to shopify, migrate...

0· 74·0 current·0 all-time
by@mguozhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md and analyze.sh both implement an Amazon-to-Shopify migration and dual-channel strategy workflow, which aligns with the skill name and description. However, the shell script invokes an 'openclaw' CLI to run the prompt; the skill metadata does not declare that binary as a requirement or provide an install spec. Requiring an agent CLI is reasonable for this instruction-run approach, but the missing declaration is an inconsistency.
Instruction Scope
The instructions and script stay on-topic: they build a migration/multi-channel marketing prompt and submit it to a local agent. The script does not read system files, environment variables, or network endpoints beyond executing the 'openclaw' command, and it does not exfiltrate data explicitly.
Install Mechanism
There is no install spec (instruction-only), which is low risk. But the included analyze.sh expects an external executable ('openclaw') to be present on PATH; no install or verification for that dependency is provided. That is an operational gap rather than a direct code-level risk.
Credentials
The skill requests no environment variables, credentials, or config paths and its runtime behavior (constructing a prompt and invoking a local agent CLI) does not require secrets. This is proportionate to its purpose.
Persistence & Privilege
Skill flags are default (not always-enabled), and there is no code that modifies other skills or system configuration. The skill does invoke an agent CLI but does not request permanent presence or elevated privileges.
Assessment
This skill appears coherent for producing an Amazon→Shopify strategy, but before installing or running it: 1) verify what 'openclaw' on your PATH is — the script runs 'openclaw agent --local ...' and that binary could execute arbitrary actions; ensure it is the trusted CLI you expect or provide a declared dependency/install step; 2) inspect/verify the openclaw CLI behavior (does it call external servers, log prompts, or forward data?) before sending proprietary brand or customer information; 3) run the skill in an isolated environment (or with non-sensitive test input) first; and 4) if you need an explicit install flow, ask the publisher for an install spec or to declare required binaries so you can audit and control them.

Like a lobster shell, security has layers — review code before you run it.

latestvk977t5bmzqy6yd7qb9y5xszzwn83m2qt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments