ecommerce-price
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for price monitoring, but users should knowingly provide the Apify token, install npm dependencies, and control any automated runs or webhook exports.
This appears safe to review as an instruction-only price monitoring skill, but install dependencies deliberately, use a controlled Apify token, watch usage costs, and only enable schedules or webhook exports after confirming their scope and destination.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed or used, the user may need to provide an Apify token that can run Apify actors and consume account credits.
The skill requires an Apify personal API token for its external scraping workflow. This is expected for the stated purpose, but it is sensitive account authority and the registry metadata declares no required credentials or environment variables.
Store it securely: ```bash export APIFY_TOKEN=apify_api_xxxxxxxxxxxxxxxx ```
Use a dedicated Apify token with the minimum needed permissions if available, keep it out of shared logs, and monitor Apify usage/costs.
Running the setup command adds third-party packages to the local environment.
The skill asks the user to install npm packages even though the registry lists no install spec and no required binaries. This is a disclosed, purpose-aligned setup step, but users should treat it as dependency execution they must approve.
```bash npm install apify-client axios ```
Install dependencies only in a project or sandbox you control, and review package provenance/versions before running example code.
Product lists, competitor intelligence, or pricing recommendations could be shared with third-party services if the user configures those exports.
The skill contemplates sending pricing data to external destinations such as Apify and a repricing webhook. This is aligned with the product-monitoring purpose, but webhook identity, authentication, and data boundaries are not specified in the provided artifact.
Export everything as CSV, JSON or direct webhook to your repricing tool
Confirm webhook URLs, authentication, and what data will be sent before enabling exports; avoid sending confidential product or margin data unless intended.
Automated monitoring could continue consuming Apify credits or sending alerts/exports until disabled.
The skill advertises recurring automation. This is expected for monitoring, and the artifacts do not show hidden persistence, but users should explicitly control any schedule they create.
Schedule automated daily or hourly price surveillance runs
Set clear schedules, limits, and stop conditions, and periodically review running Apify tasks or external automation.