Autonomous Commerce

v1.0.0

Execute real-world e-commerce purchases autonomously with escrow protection and cryptographic proof.

Use when: User requests a physical purchase (Amazon, retail), budget is specified, escrow funds are available.

Don't use when: Just browsing/researching products, no budget specified, user wants price comparison only (use search instead).

Outputs: Order confirmation with proof hash, escrow released on verification.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
The skill's stated purpose (autonomous escrowed purchases) generally matches the included code (Playwright automation + escrow integration + proof generation). However the registry metadata declares no required environment variables or credentials while the README and code show an expected ClawPay wallet key (WALLET_PRIVATE_KEY) and a saved browser session (.chrome-session). The skill also references external escrow provider 'ClawPay' and npm dependency 'playwright' — these are legitimate for the purpose but are not reflected in the declared requirements, which is inconsistent.
!
Instruction Scope
SKILL.md and README describe autonomous operation and guardrails, but the amazon-purchase-with-session.js script requires a previously saved browser session directory (.chrome-session), writes screenshots to /tmp/vhagar-purchase, and prompts the operator for manual confirmation before placing orders. That means (a) it needs access to local browser session cookies (which can include saved payment methods), (b) it writes files outside the skill bundle, and (c) the runtime behavior is not fully autonomous as claimed. SKILL.md claims the agent 'cannot' add new payment methods or change addresses, but the automation interacts directly with a logged-in Amazon session — the code enforces neither of these constraints programmatically.
Install Mechanism
There is no explicit install spec in the registry (instruction-only), but package.json lists 'playwright' as a dependency and README instructs 'npm install playwright' and optionally 'npm install clawpay'. Using Playwright is reasonable for web automation but elevates risk because it runs a browser with access to session data. No remote download URLs or archive extracts are used; dependencies are standard npm packages (moderate risk).
!
Credentials
The skill declares no required env vars, but examples in README and usage show a ClawPay client constructed from process.env.WALLET_PRIVATE_KEY and network 'base'. The escrow flow requires a wallet private key (sensitive secret) to create/release USDC escrow. The code also expects a local browser session (containing Amazon cookies and saved payment methods) which is effectively privileged data. These sensitive requirements are not declared in the skill metadata, so the requested privileges are not proportional to the published manifest.
!
Persistence & Privilege
The skill is not marked always:true, and autonomous invocation is allowed (default). The code requires read/write access to local directories (.chrome-session, /tmp/vhagar-purchase) and may access saved browser session data (cookies/payment methods). The skill metadata points to evidence paths outside the package, and the code will create artifacts (screenshots, proof.json) on disk. Combined with escrow wallet usage, this persistent filesystem and session access increases blast radius if misused.
What to consider before installing
Key things to consider before installing or running this skill:
- Secrets & keys: The package will likely need your escrow wallet private key (WALLET_PRIVATE_KEY) to operate ClawPay; do NOT provide a real private key unless you fully trust the author. The skill metadata does not list this requirement, but README/examples do.
- Browser session & payments: The Amazon automation requires a saved browser session directory (.chrome-session). That session may contain your Amazon login cookies and saved payment methods — running the skill gives code access to those. Confirm you want to expose that session, or use a dedicated test account with no real payment methods.
- Autonomy mismatch: The repository claims 'autonomous' execution, but the included Amazon script is interactive (prompts for 'yes' before placing an order). If you expect fully autonomous behavior, review and test the code paths that auto-confirm orders.
- Sandbox and test: Test in an isolated environment (VM/container) with test accounts and no real funds. Use a mock or test escrow client rather than a real ClawPay wallet. Verify what files are read/written (session dir, /tmp screenshots, proof.json).
- Code review: Review amazon-login.js (not included here) and any session-creation code before use. Check that the escrow client you use enforces on-chain safety and that releaseOnProof actually validates proofs you trust (the provided verification is minimal).
- If you want to proceed: require a dedicated test Amazon account, do not use your real wallet private key, and consider running Playwright headless in a locked-down environment. If you are unsure, do not install — ask the author for explicit documentation of required env vars and a non-privileged test mode.

Overall: this skill contains plausible commerce automation, but the mismatches (undeclared sensitive env vars, session access, interactive vs autonomous behavior) mean treat it as potentially risky until you audit and sandbox it.

Like a lobster shell, security has layers — review code before you run it.
