ClawHub

Shoppable Video

v1.0.0

Develop and optimize shoppable videos for platforms like TikTok, Instagram, YouTube, and Amazon Live with product tagging, CTAs, and live shopping strategies.

0· 45·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and listed capabilities align: this is a content/strategy helper for shoppable video across social platforms and the SKILL.md stays on-topic.
Instruction Scope
The runtime instructions themselves are harmless content guidance, but the SKILL.md includes an install example (`npx skills add nexscope/shoppable-video`) that directs the agent/user to fetch a package. The skill otherwise does not instruct reading unrelated files or accessing unexpected system state.
Install Mechanism
There is no declared install spec in the registry metadata (instruction-only), yet the SKILL.md suggests using npx to add a package. That implies pulling code from the npm ecosystem if followed; downloading/executing external packages carries risk and should be vetted.
Credentials
The skill requests no environment variables, credentials, or config paths — consistent with its stated purpose of providing content strategy and recommendations.
Persistence & Privilege
No elevated privileges or persistent/always-on behavior requested (always:false). The skill is user-invocable and does not ask to modify other skills or global agent settings.
Assessment
This skill appears to be what it claims: a shoppable-video content/strategy helper. Two practical cautions before you run anything suggested in SKILL.md: 1) the file suggests running `npx skills add nexscope/shoppable-video`, which would download and run a package from the npm ecosystem — verify the package exists, review the npm listing and package.json (especially install/postinstall scripts), check the maintainer and repository, and confirm the code or README on the package source before running npx. 2) Registry metadata shows no homepage/source, yet the README claims Nexscope with a URL; confirm that URL and the publisher identity match the npm package and that you trust that vendor. If you prefer lower risk, use the skill as instruction-only (read its recommendations) rather than executing the npx install, or run installs in an isolated environment/container.

Like a lobster shell, security has layers — review code before you run it.

latestvk9799x0kjs9arqdb6sr3rfqznx840zay

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments