Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

eBay SEO

v1.0.0

Optimize eBay listings with keyword-rich titles, complete item specifics, smart category choices, and seller metrics to boost visibility in Cassini search re...

by nexscope-ai @nexscope
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and SKILL.md are consistent: the skill is an instruction-only guide for optimizing eBay listings (titles, item specifics, categories, seller metrics, Promoted Listings). Nothing in the doc claims functionality outside that domain.
Instruction Scope
The runtime instructions themselves are limited to producing recommendations and usage examples (no commands that read local files or exfiltrate data). However, the 'Install' section includes a runnable npx command ('npx skills add nexscope/ebay-seo') that would fetch/execute code outside the registry metadata; that is not declared in the registry and expands the effective attack surface if followed.
Install Mechanism
The registry metadata shows no install spec, but SKILL.md suggests installing via 'npx'. Running npx will fetch code from npm (or run arbitrary code); because there is no declared install spec, no homepage, and the source is 'unknown', this undocumented install hint is a mismatch and a potential risk. Instruction-only status reduces risk unless users follow the npx command.
Credentials
The skill declares no required environment variables or credentials. It references seller performance metrics and Promoted Listings integration, which in practice would often require eBay API credentials to fetch or change real listings. The absence of any declared credential requirement is not necessarily malicious (the skill may only provide advisory recommendations), but it is a mismatch relative to claims about metric-driven optimization and integration.
Persistence & Privilege
The skill is not always-enabled, requests no special privileges, and is instruction-only with no code files — it does not request persistent presence or system-wide changes.
What to consider before installing
This skill appears to be an advisory guide for eBay listing SEO and is largely coherent, but exercise caution before running any install commands shown in its documentation. The SKILL.md suggests 'npx skills add nexscope/ebay-seo' even though the registry lists no install spec or homepage and the source is unknown; running that could download and execute code from npm. If you only want SEO recommendations, you can use the skill as-is (it provides guidance without needing credentials). If you expect the skill to access or modify your live eBay listings, ask the developer how it obtains eBay API credentials and review any package/source before installing.
Recommended steps:
1) Do not run the npx command unless you verify the nexscope package and its publisher (npm page, repository, and homepage).
2) If you must install, inspect the package code in a safe environment or sandbox first.
3) Require that any tool requesting eBay account access list exactly which credentials and scopes it needs.
4) If unsure, treat this skill as read-only guidance rather than an automated integrator.

Like a lobster shell, security has layers — review code before you run it.
