ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Walmart Price Tracker

v1.0.0

Provides Walmart price trend analysis, competitor comparisons, and data-driven repricing strategies tailored to your e-commerce business context.

0· 46·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Walmart price tracking, competitor analysis, repricing strategies) is consistent with the SKILL.md content, which produces frameworks and recommendations from user-supplied context (product URLs, category, competitor lists). However, the README-style claims that it "works across major e-commerce platforms" and provides "trend analysis" could imply automated data collection or API access; the skill requests no credentials or data sources, so it appears to rely solely on user-provided inputs and the model's general knowledge. This mismatch between implied automation and the instruction-only approach is worth noting.
Instruction Scope
SKILL.md contains only usage guidance: accept product URL/category/competitor list and return analysis and strategies. It does not instruct the agent to read system files, access environment variables, call external endpoints, or fetch data autonomously. There is no scope creep in the instructions themselves.
Install Mechanism
There is no install spec or code — this is instruction-only (lowest install risk). SKILL.md shows an example 'clawhub install walmart-price-tracker' command but the package provides no install manifest. That inconsistency (an install hint with no install metadata or source/homepage) reduces provenance and traceability and should be considered when deciding to trust or use the skill.
Credentials
The skill declares no required environment variables, credentials, or config paths, which matches its instruction-only design. However, realistic, automated price-tracking across Walmart/Amazon/Shopify would typically require API keys, seller credentials, or scraping infrastructure; the absence of any such requirements suggests the skill expects all data to be supplied interactively. Users should be cautious about being asked to paste credentials into prompts — the skill does not request them but could still instruct the agent (or a human user) to do so.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal defaults). It does not request persistent presence or special privileges, and there are no instructions to modify other skills or system-wide configs.
What to consider before installing
This skill is primarily a guidance/template generator (no code or installers shipped), which lowers technical risk, but exercise caution because: 1) the skill has no listed source or homepage — provenance is unknown, 2) the SKILL.md shows an install command yet no install metadata is included, and 3) it claims cross-platform automated capabilities even though it requests no credentials (so it likely relies on you to provide data). Before installing or using: prefer skills with a repository/homepage, avoid pasting API keys or passwords into chat prompts, test outputs with non-sensitive example data, and ask the publisher for source code or documentation if you need automated data collection (APIs/scraping), so you can verify what will actually run.

Like a lobster shell, security has layers — review code before you run it.

latestvk97543px3ndhtba84h93jb7dch83ssww

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments