ClawHub

Shopify Email Flows

v1.0.0

Email automation flows — welcome series, abandoned cart, post-purchase, win-back, browse abandonment

0· 80·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description and capabilities are aligned: the skill provides strategic guidance for Shopify email flows and does not claim direct Shopify API integration. Required resources declared in the registry are minimal (no env vars, no binaries), which matches the guidance-only nature.
Instruction Scope
SKILL.md stays within advisory scope: it offers analysis, recommendations, and implementation plans and explicitly states it does not perform direct Shopify API integration. It does suggest auditing a store but does not instruct the agent to read local files, env vars, or transmit credentials automatically — any store data would need to be provided by the user.
Install Mechanism
Although the registry lists no install spec, SKILL.md instructs the user to run an npx command to install nexscope-ai/eCommerce-Skills globally. Installing a package from npm is a common but non-trivial action (downloads and runs code). This is a moderate-risk action that should be validated (check the npm package page, publisher, and package contents) before running.
Credentials
No environment variables, credentials, or config paths are requested by the registry or in SKILL.md. That is proportionate for a guidance-only skill which does not perform API integrations.
Persistence & Privilege
The skill does not request always:true or any special persistent privileges. It is user-invocable and allows normal autonomous invocation, which is the platform default.
Assessment
This skill appears to be an advisory tool and is internally consistent, but SKILL.md instructs you to run npx to install 'nexscope-ai/eCommerce-Skills' from npm. Before running that command: (1) review the package on the npm registry and confirm the publisher and recent activity, (2) inspect the package source or repository for unexpected behavior, (3) avoid providing Shopify credentials or store access unless the package explicitly documents secure OAuth flows, and (4) prefer running installs in an isolated environment if you want to test it first. If you want, provide the npm package link or the package contents and I can check it more thoroughly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9795pk5bcgg03mryacymskh0x84khvr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments