ClawHub

Shopify Email Flow Builder

v1.0.0

Klaviyo and Shopify Email automation flow designer. Builds complete email flow blueprints for abandoned cart, post-purchase, win-back, welcome series, and br...

0· 103·1 current·1 all-time
by@mguozhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Klaviyo/Shopify email flow blueprints) match the SKILL.md commands and outputs. There are no unexpected credentials, binaries, or remote integrations required for the stated purpose.
Instruction Scope
Runtime instructions create a local workspace at ~/email-flows/ (memory.md, flows/, copy-angles.md) and ask the agent to accept store context and performance data from the user. This is appropriate for a design tool, but it explicitly directs writing persistent files to the user's home directory and may store potentially sensitive business data (metrics, brand voice).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation surface. Nothing will be downloaded or written by an installer.
Credentials
No environment variables, secrets, or config paths are requested. The SKILL.md does not instruct access to unrelated credentials or external APIs, which is proportionate to an offline design tool.
Persistence & Privilege
Skill persists content to ~/email-flows/ in the user's home directory. always:false (not force-included) is set, but the skill is allowed to be invoked autonomously by the agent (platform default). Persisting user-provided business data is expected, but users should be aware of the storage location and retention.
Assessment
This skill appears to do what it says: generate email flow blueprints and save them locally. Things to consider before installing: - The skill will create and write files under ~/email-flows/, which may store sensitive business data (performance metrics, customer segmentation notes, brand voice). Review and back up anything you care about. - The skill's metadata allows use of Bash, meaning an agent given permission could execute shell actions; the SKILL.md itself doesn't include harmful commands, but agent behavior depends on your agent's runtime policies. Limit the agent's execution permissions if you don't want it writing files or running commands. - No API keys or external integrations are required, so there's no automatic exfiltration to third-party services built into the skill. Still review any generated files before sharing externally. - If you plan to allow autonomous invocation, be comfortable with the skill creating/updating files in your home directory; otherwise invoke it manually. If you want a lower-risk setup, run the agent in a restricted environment or sandbox and inspect the ~/email-flows/ folder after the first run.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ye1pn5f5pjbg66hen24krn8388b7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments