Agent Commerce Engine
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted http:// store URL could cause store passwords or session tokens to be sent over plain HTTP despite the skill's HTTPS-safety claim.
This is the HTTPS enforcement gate before the client sends account passwords and uses saved token headers. Because it checks for localhost as a substring of the whole URL, a non-HTTPS remote URL containing that text could bypass the intended protection.
if not self.base_url.startswith('https://') and not any(h in self.base_url for h in ['localhost', '127.0.0.1']):
    ...
response = self.session.post(url, json={"account": account, "password": password}, timeout=10)

Only use trusted https:// store URLs. The maintainer should parse the hostname and allow HTTP only when the host is exactly localhost or 127.0.0.1.
Anyone who can read the local credential file could act as the user for that store.
The client stores the account identifier and API token locally. This is disclosed and file permissions are restricted, but it is still sensitive account access.
json.dump({"account": account, "token": token}, f)
os.chmod(self.creds_file, 0o600)

Use logout to remove saved tokens when finished, and avoid using the skill on untrusted or shared machines.
The agent could change shipping/profile details, empty a cart, or create an order record if the user or another prompt directs it to run these commands.
The skill exposes commands that can modify user profile data, carts, and orders. These operations are expected for a commerce engine, but they are high-impact actions.
prof_p = subparsers.add_parser("update-profile", help="Update user profile")
...
subparsers.add_parser("clear-cart", help="Clear the entire cart")
...
order_p = subparsers.add_parser("create-order", help="Create an order from cart")

Confirm cart, profile, and order changes with the user before running mutating commands, especially create-order and clear-cart.
A malicious or compromised store could include misleading instructions in API responses.
Compatible backends can return natural-language instruction fields intended to influence the agent's next step. That is useful for commerce errors, but the text comes from the store backend.
The `instruction` field SHOULD accompany the `error` code to provide human/agent-readable guidance ... for the Agent's next action.
Treat backend instruction fields as untrusted suggestions limited to the shopping task; do not let them override user intent or security rules.
