Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Share of Shelf

v1.0.0

Analyzes brand visibility and shelf share within product categories on e-commerce platforms, benchmarking competitors and tracking position trends.

by nexscope-ai @nexscope
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Pending
OpenClaw
Suspicious
high confidence
Purpose & Capability
The description promises cross-platform share-of-shelf analysis and monitoring across Amazon, Shopify, Walmart, etc., but the skill has no install spec, no code, and requests no platform credentials or API keys. That means it can only produce strategy, frameworks, and recommendations based on user-supplied data — not perform automated data collection or live monitoring. The SKILL.md also shows a 'clawhub install' command despite there being no install spec, which may mislead users about installability/automation.
Instruction Scope
SKILL.md contains only high-level instructions, input/output expectations, and an example prompt. It does not instruct the agent to read system files, access environment variables, or call external endpoints. The instructions are intentionally lightweight and advisory, which limits the runtime surface.
Install Mechanism
No install spec and no code files are present, so nothing will be written to disk or executed by the platform. This is low-risk, but the presence of an 'install' command in the README is merely informational and not backed by an install manifest.
Credentials
The skill requests no environment variables or credentials, which is proportionate for an advisory framework. However, because it claims to 'work across' many marketplaces, real integrations would normally require marketplace API keys or credentials. The lack of any credential requests should signal that the skill will not perform automated integration without additional components or user-supplied credentials outside this skill.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent presence or elevated platform privileges. Autonomous invocation is allowed by default but there are no instructions enabling background activity or system configuration changes.
What to consider before installing
This skill is an advisory/template generator, not an automated data-collector: it has no code, no install manifest, and asks for no credentials. Don't assume it will fetch or monitor your marketplace listings automatically. If you want automated monitoring or scraping, ask the maintainer for a concrete integration plan (what APIs are used, which credentials are required, how tokens are stored). Never share platform API keys or passwords unless you clearly understand where they'll be used and stored. Also confirm whether the 'clawhub install' command is supported by your environment or just documentation copy.

Like a lobster shell, security has layers — review code before you run it.
