ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

eBay Seller Guide

v1.0.0

Provides step-by-step guidance on eBay selling strategies, listing optimization, SEO, shipping setup, seller ratings, and scaling to Top Rated Seller.

0· 32·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and SKILL.md content are coherent: the instructions are about eBay selling strategies and the capabilities listed match that purpose. No unexpected APIs, binaries, or credentials are requested.
!
Instruction Scope
SKILL.md contains only guidance and usage examples, which is fine. However, it includes an 'Install' example that runs 'npx skills add nexscope/ebay-seller-guide' and an attribution to Nexscope; the registry metadata for this skill does not include a homepage or matching owner identity. That creates a provenance mismatch and recommends fetching external code that is not declared in the skill's manifest.
!
Install Mechanism
There is no formal install spec in the manifest (the skill is instruction-only), but the README-like SKILL.md instructs running npx to pull a package. Using npx would download and run code from a remote registry (npm/GitHub). Because that download is not declared in the registry metadata, it's an unverified install instruction and increases risk if executed without review.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not ask for secrets or unrelated system data. The requested environment access appears proportionate to the stated purpose.
Persistence & Privilege
Defaults are used (not always:true). The skill does not request permanent presence or system-wide changes in the manifest. Autonomous invocation is allowed (platform default) but not combined with other red flags here.
What to consider before installing
This skill's content itself looks like benign eBay advice, but the SKILL.md tells you to run 'npx skills add nexscope/ebay-seller-guide' while the registry metadata does not show a matching homepage or owner — that mismatch is the main red flag. Before running any npx/install command: 1) verify the package exists on npm or the referenced source and that the publisher is who they claim to be (Nexscope), 2) inspect the package source code (or its GitHub repo) for unexpected network calls or filesystem actions, 3) prefer installing in a sandbox or container if you need to try it, and 4) if you only want the guidance, copy the SKILL.md content rather than running remote installers. If you can provide the actual npm package URL or repository for 'nexscope/ebay-seller-guide', I can re-evaluate and raise the confidence level.

Like a lobster shell, security has layers — review code before you run it.

latestvk979jc2fqgev7wm0ef3wx18q6n840swj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments