ClawHub

Shopify Pr Strategy

v1.0.0

Build a PR and press coverage strategy for Shopify stores to earn media mentions, backlinks, and brand authority. Triggers: pr strategy, press coverage, medi...

0· 56·0 current·0 all-time
by@mguozhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a PR & press strategy and the SKILL.md plus analyze.sh produce a prompt to generate that content. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The SKILL.md and analyze.sh are narrowly scoped to building a PR strategy. The analyze.sh takes user input and calls 'openclaw agent --local --message ...' to generate the report. It does not read other files or environment variables. Caveat: calling the OpenClaw agent will transmit the user-provided prompt (store niche/URL and any text you pass) to whatever model/backend the agent is configured to use—this may be a remote service depending on your local configuration, so user-provided sensitive data could be exposed.
Install Mechanism
No install spec or downloads. The only runtime requirement is an available 'openclaw' CLI (invoked by the included shell script). No archives, package installs, or remote code downloads are performed by the skill itself.
Credentials
The skill declares no required environment variables or credentials and the code does not reference secrets or unrelated env vars. The amount of access requested is proportionate to generating PR content.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or agent-wide settings. The script creates a short-lived session ID for the single run only.
Assessment
This skill is coherent and low-risk for its stated purpose, but review and follow these precautions before use: 1) Inspect analyze.sh (you already have it) and confirm it matches the prompt you expect; it simply calls 'openclaw agent' with your input. 2) Do not include secrets, API keys, or private customer data in the prompt—those would be sent to the model/backend the OpenClaw CLI uses. 3) Verify the 'openclaw' CLI on your system is configured to use a trusted local model or trusted provider; if it uses a remote service, your input will leave your machine. 4) Run the script in a low-privilege environment (not as root) and avoid piping untrusted data into it. 5) If you need stronger guarantees (no external transmission), confirm that OpenClaw is operating fully offline/local before sending sensitive information.

Like a lobster shell, security has layers — review code before you run it.

latestvk97054yatq6wcr57bghev3qcxh83p4pa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments