Customer Churn Prediction Analyst

Security checks across malware telemetry and agentic risk

Overview

The skill’s churn-analysis purpose is coherent, but it needs sensitive commerce/customer credentials and may handle customer data, so users should restrict keys and review any outreach before use.

This looks like a legitimate instruction-only churn analytics skill. Before installing or using it, create restricted API keys, avoid sending unnecessary personal or payment-adjacent customer data, and review any generated retention campaigns manually before sending them to customers.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

If broad API keys are provided, the agent may have more access to Stripe or Shopify account data than is necessary for read-only churn analysis.

Why it was flagged

The skill declares provider credentials that can access commerce, subscription, and customer data. This is expected for churn analysis, but users should ensure the keys are minimally scoped.

Skill content

"env":["STRIPE_API_KEY","SHOPIFY_API_TOKEN","OPENAI_API_KEY"]

Recommendation

Use restricted/read-only API keys where possible, limit Shopify scopes to needed customer/order data, and avoid using production write-capable keys unless required and supervised.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Customer identifiers, payment history, support sentiment, and engagement data could be exposed to the agent workflow or external APIs if the user supplies them.

Why it was flagged

The skill is designed to combine customer payment, order, engagement, email/CRM, and support data across services. This is purpose-aligned, but the visible artifacts do not describe redaction, consent, retention, or provider data-boundary controls.

Skill content

Aggregates signals from multiple platforms... Stripe Integration... Shopify Integration... Email/CRM Data... Support Systems

Recommendation

Minimize or redact personal data before analysis, confirm your privacy/compliance obligations, and understand how any connected model or API provider handles submitted customer data.

ASI02: Tool Misuse and Exploitation
Low
What this means

Unreviewed campaign content or alerts could lead to inappropriate customer contact, unwanted discounts, or compliance issues if copied directly into live tools.

Why it was flagged

The skill discusses outreach and notification workflows. The visible text frames them as generated campaigns rather than automatic sending, but such outputs can affect customers if deployed without review.

Skill content

Retention Campaign Orchestration... Generates ready-to-deploy campaigns... Email → SMS → In-App Push → Slack notification

Recommendation

Manually approve all emails, SMS messages, discounts, and Slack alerts before deployment, and verify consent and unsubscribe requirements for each channel.