Secure Shopper
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a high-trust shopping automation skill, but the artifacts disclose its browser, autofill, sub-agent, and local-recording behavior and do not show hidden exfiltration or destructive code.
Before installing, confirm you trust the separate secure-autofill skill, limit configured shopping sites, avoid saving unnecessary address details, monitor spawned shopping sessions, and manually verify every checkout detail before approving an order.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may fill shopping-site credentials in your browser and act while logged in to your accounts.
The skill explicitly directs the agent to use 1Password-backed secure-autofill to log in to shopping sites. This is purpose-aligned, but it gives the agent access to authenticated shopping sessions.
Otherwise, use secure-autofill login flow: ... `vault_suggest`/`vault_fill` to fill credentials
Use only with a trusted secure-autofill setup, configure only intended shopping sites, and review any login or checkout step before proceeding.
If used for checkout, mistakes could result in buying the wrong item, using the wrong account, or shipping to the wrong location.
Optional checkout can create real purchases or account changes. The visible instructions also include accept/deny and checkout-related phases, so this appears disclosed and user-directed rather than hidden.
Find items across one or more shopping sites, summarize candidates, and (optionally) place the order using **secure-autofill**.
Treat checkout as a manual-confirmation step: verify item, price, quantity, shipping address, delivery time, and payment method before allowing an order.
Shopping research may continue in a background session after the initial response.
The skill intentionally uses an asynchronous sub-agent for browsing. This is disclosed and fits the purpose, but users should know work may continue outside the main chat flow.
Then spawn a sub-agent so the main session is not interrupted. ... Use `sessions_spawn` with a task that includes the shopping description and any runtime overrides.
Monitor spawned sessions and stop them if the shopping task changes or you no longer want the agent browsing.
Your shopping requests, candidate items, prices, URLs, and possibly location context may remain in local workspace files.
The skill stores location context and shopping-task records locally. This is expected for the workflow, but it can persist personal shopping preferences and purchase research.
`location.zip` or `location.address`: used for shipping/availability context ... Record results to: `/home/miles/.openclaw/workspace/artifacts/secure_shopping/{timestamp}_shopping_task.json`
Avoid storing sensitive addresses unless needed, and periodically review or delete generated secure_shopping artifacts.
Actual credential filling and browser behavior depend on another installed skill that is not included in this artifact review.
This skill depends on a separate local secure-autofill skill and its environment, while the registry metadata lists no required binaries, env vars, or primary credential. The dependency is disclosed in SKILL.md but should be verified separately.
The **secure-autofill** skill exists at: `~/.openclaw/skills/secure-autofill/` ... Gateway environment has required env vars (per secure-autofill)
Review and trust the secure-autofill skill before using Secure Shopper, and ensure its credential and browser permissions are scoped as expected.
