ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Minimum Advertised Price

v1.0.0

AI-driven Minimum Advertised Price policy creation, violation monitoring, compliance management, and enforcement workflow design for e-commerce brands.

0· 47·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise both policy creation and active violation monitoring across platforms (Amazon, Shopify, Walmart, etc.). However, the skill declares no required credentials, no APIs, and no installables. That is coherent if the skill only generates policy documents from user-provided context, but incoherent if it intends to perform automated cross-platform monitoring or enforcement.
Instruction Scope
SKILL.md contains prompts and usage for generating MAP policies, checklists, and enforcement workflows and asks for business context from the user. It does not instruct the agent to access system files, environment variables, or external APIs. The documentation is limited and does not describe how 'monitoring' is achieved, which is an important scope gap.
Install Mechanism
There is no install spec and no code files. The README shows a 'clawhub install' example, but no corresponding install metadata exists. This is low-risk from an install standpoint, but the install command is misleading because the package has no installable artifacts in the registry package provided here.
Credentials
The skill declares no environment variables, credentials, or config paths. That is proportionate if the skill is only a consultancy/instruction generator. It becomes insufficient if the skill is expected to perform automated monitoring — then API keys or access would be required but are not requested.
Persistence & Privilege
The skill does not request elevated persistence (always: false). It is user-invocable and allows model invocation (normal). Nothing in the package attempts to modify other skills or system config.
What to consider before installing
This skill appears to be an instruction-only adviser for MAP policies (it will generate documents and workflows based on info you provide). Before using it: 1) Do not supply platform API keys, seller credentials, or other secrets unless the skill explicitly documents why and how they will be used and where they are stored. 2) Ask the vendor/author how 'monitoring' is performed — if you expect automated, cross-platform scanning, this package currently has no mechanism for that and would need integrations that require credentials. 3) Treat the shown 'clawhub install' line as informational: there are no install artifacts in the provided package. 4) Verify the publisher (Nexscope) and a homepage or source repository for trust — absence of provenance increases risk. If you need actual automated monitoring/enforcement, prefer a solution that documents required APIs, credential handling, and an install mechanism you can inspect.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dvg1ndxr479rsr2zk676g1d83qm2p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments