v0.1.4

Buck Mason Stylist Skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:55 PM.

Analysis

This is a coherent shopping skill, but it warrants review because optional flows can use email/account tokens and Stripe Link to make purchases while storing or sending sensitive profile and photo data.

Guidance: Before installing, decide whether you only want stock checks and browser cart links or whether you are comfortable enabling account-linking, photo try-ons, and agent-driven payments. Keep the default browser checkout path unless you explicitly need no-browser checkout, paste magic links manually when possible, use a limited OpenAI key, and store the smallest possible profile/photo/shipping data in the agent workspace.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
examples/lookbook.md
Customer says "just buy it for me, no browser"... Agent runs: `link-cli spend-request create --request-approval --amount <total_cents>`... Phase 2  charge

The skill documents a fully agent-driven purchase path that can charge the user through Stripe Link after approval.

User impact: The agent can help complete real purchases, not just recommend products or create cart links.
Recommendation: Use the browser checkout-link path by default. Only enable the MPP/Stripe Link path after the agent states the exact items, total, shipping destination, and refund/return implications, and you approve in the Link app.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
clawhub.json
"optional_clis": [{"name": "stripe/link-cli", "install": "npm i -g @stripe/link-cli", "purpose": "MPP fully-agent-driven checkout"}]

The optional payment path relies on a globally installed npm CLI, which is user-directed and purpose-aligned but should be installed from a trusted source.

User impact: A compromised or wrong CLI package could affect the payment-token workflow.
Recommendation: Install payment tooling only from the official Stripe source, consider pinning a reviewed version, and avoid enabling the fully agent-driven checkout path unless needed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
the agent runs the email + magic-link flow (`POST /api/verify_order_or_email` → email sent → `POST /api/login_via_token` returns a JWT). **This requires the agent to have a tool that reads the customer's email**

This optional workflow grants the agent mailbox access to retrieve a login link and then an authenticated account token, which can expose order history and account/profile data.

User impact: If enabled, the agent may read email to obtain a login token and access Buck Mason/Pima account information.
Recommendation: Prefer the guest order-code path or paste the magic link manually. If using an email MCP, grant the narrowest possible access, confirm every retrieval, and avoid storing the JWT beyond the active session.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
The customer should keep three plain-text files under their agent's persistent memory or workspace... `profile.md` | sizes per category, fit prefs, color prefs, contact/shipping, home zip, optional reference photo URL

The skill intentionally stores personal sizing, address/contact, wardrobe, event, and photo-reference data in persistent agent-accessible files.

User impact: Sensitive personal shopping, body-size, address, and event information may be reused by the agent across future requests.
Recommendation: Store only the minimum needed, keep these files in a private workspace, remove full shipping details unless needed for checkout, and periodically review or delete stale profile and event data.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
references/image-generation.md
This skill produces... imagery using OpenAI's image API... **Identity anchor photos** (23) | `profile.md`  `reference_photos` | Yes

The try-on workflow sends user identity/reference photos through an external image-generation provider, which is expected for the feature but sensitive.

User impact: Face, body, or reference photos may leave the local workspace for AI image generation.
Recommendation: Use flat-lay or text-only lookbooks if you do not want photos sent to OpenAI, and avoid uploading more identifying or revealing photos than necessary.