ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shopify International Expansion

v1.0.0

Plan international market expansion for Shopify stores including market selection, localization, logistics, and compliance. Triggers: international expansion...

0· 47·0 current·0 all-time
by@mguozhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md and analyze.sh all aim to produce a market expansion plan for Shopify stores. The single script and the prompt it builds are coherent with that goal; there are no unrelated required binaries, env vars, or config paths.
Instruction Scope
SKILL.md limits allowed-tools to Bash and the included analyze.sh simply builds a prompt and invokes the 'openclaw agent' CLI with the user-supplied input. This is within scope, but running the script will send the provided store/niche input to whatever model/service the 'openclaw agent' CLI uses (local or remote). If the input contains sensitive data, that data will be transmitted to the model runtime.
Install Mechanism
No install spec and no downloads. The skill is instruction-only plus a small shell wrapper, so it does not write external packages or archives to disk.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no apparent requests for unrelated secrets or system access.
Persistence & Privilege
Flags show no 'always' or unusual persistence. The skill does not attempt to modify other skills or system-wide configs.
Assessment
This skill is coherent and appears to do what it says: it composes a detailed prompt and calls the 'openclaw agent' CLI to generate an international expansion plan. Before running it, consider: (1) any store URLs, sales figures, or private customer data you include will be sent to the agent/model—avoid pasting secrets or credentials; (2) verify what 'openclaw agent' on your system does (local vs remote model) so you know where data is sent; and (3) if you need to keep input private, sanitize or redact sensitive details before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a0sdanncbqqpqgtjvpfcjrh83m3rt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments