ClawHub
Back to skill
v0.1.0

Ecommerce Advertising

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

This is a planning-only e-commerce advertising skill with disclosed web research and no evidence of credential use, persistence, or account-changing behavior.

GuidanceThis skill appears safe to use as a strategy-planning helper. Avoid putting highly confidential business details into web-searchable prompts, verify any important advertising advice before spending money, and only run the documented npx install command if you trust the source.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Use `web_search` and `web_fetch` to gather competitor intelligence.

The skill directs the agent to browse and fetch public web content for advertising research. This is expected for the stated purpose, but it means third-party pages and search results can shape the output.

User impactAdvice may be influenced by public web pages, competitor sites, ads libraries, or reviews, and search queries may reveal the product or competitor being researched.
RecommendationUse the web research features for non-confidential market information, and review important recommendations before using them in real campaigns.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
npx skills add nexscope-ai/eCommerce-Skills --skill ecommerce-advertising -g

The documentation includes a user-run global install command from a remote source. It is not an automatic runtime action, but global remote installs should be verified before use.

User impactIf a user manually runs the documented install command, they are trusting the referenced remote package or repository.
RecommendationInstall only from a trusted source, confirm the publisher and repository, and prefer pinned or registry-provided installation instructions where available.