Shopify Cart Recovery
v1.0.0
Cart abandonment recovery system for Shopify stores. Build multi-channel recovery sequences using email, SMS, and retargeting ads to win back lost sales and...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill name, description, SKILL.md content, and analyze.sh are coherent: they produce multi-channel cart-recovery plans, copy, and setup guidance. Minor mismatch: analyze.sh invokes external binaries (openclaw agent and python3) but the registry metadata listed no required binaries — the script expects those to exist even though they weren't declared.
Instruction Scope
SKILL.md stays on-topic (generate benchmarks, email/SMS/ads copy, Klaviyo/Shopify setup). The included script builds a prompt and calls a local 'openclaw agent' CLI and python3 to format output; it does not read environment variables, system config paths, or external URLs itself. Caveat: the openclaw agent invocation may cause network activity depending on the installed openclaw CLI implementation — the skill delegates model execution to that binary.
Install Mechanism
No install specification — instruction-only plus a helper script. Nothing is downloaded or extracted by the skill, which minimizes install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The script likewise does not access secrets or system config. This is proportionate for a content-generation aid.
Persistence & Privilege
Skill flags are default (always:false, model invocation allowed). The skill does not request permanent presence or modify other skills/configs.
Assessment
This skill appears to be a content-generation helper and does not request credentials or read system files, which is good. Before installing or running it, note that: (1) analyze.sh calls a local 'openclaw agent' CLI and python3 — make sure those binaries are what you expect and trust; the script will pass your input (store details) to that CLI, and the CLI’s behavior (local-only vs networked) determines whether that data leaves your machine. (2) The registry metadata did not declare required binaries even though the script needs them; ensure you have the correct environment. (3) Avoid feeding sensitive API keys, customer data, or real store credentials into the script/CLI unless you’ve verified the openclaw agent is local and offline or you trust its network behavior. If you want higher assurance, inspect/trace the openclaw agent binary or run the script in a sandboxed environment first.
Like a lobster shell, security has layers — review code before you run it.
