Product Differentiation Shopify
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a local Shopify/DTC strategy analyzer with no artifact-backed malicious behavior, though users should verify the global install command before running it.
Before installing, verify the external Nexscope AI source used by the npx command. The skill otherwise appears to run a local analyzer on user-provided store, competitor, and review data, with no declared API keys or persistence.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing globally can add or update local skill files, so a user should trust the package source before running the command.
The skill documents a user-directed global install from an external package/repository. That is expected for installation, but users should verify the source because the registry metadata does not provide a separate install spec or homepage.
npx skills add nexscope-ai/eCommerce-Skills --skill product-differentiation-shopify -g
Verify the Nexscope AI repository/package source and review what will be installed before using the global install command.
Running the command executes the bundled analyzer script on the user's machine.
The documented workflow runs the included Python analyzer locally. This is purpose-aligned and user-directed, but it is still local code execution.
python3 scripts/analyzer.py
Run it only from the installed skill directory you intended to use, and provide only business/review data you are comfortable processing locally.