Magento2 Commerce
PassAudited by ClawScan on May 13, 2026.
Overview
The provided artifacts look like a legitimate Magento development guidance bundle with safety checks, but users should expect live documentation lookups and should carefully approve any deployment or CLI actions.
This appears safe to use as a Magento development assistant based on the visible artifacts. Before installing, be aware that it encourages live documentation lookups and includes deployment/CLI guidance that can affect real Magento stores. Ask the agent to confirm before running commands such as setup:upgrade, cache:flush, deployment mode changes, or module enable/disable, especially on production systems. Some source text was truncated or omitted in the supplied review context, so this assessment is limited to the artifacts shown.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may browse Magento documentation or related references before producing code.
The skill instructs the agent to use web search or web fetch before coding. This is coherent for Magento version-specific development, but users should expect network lookups and external reference material in the agent context.
Before writing any Magento implementation code, you MUST web-search and/or web-fetch the relevant official documentation.
Allow web access only if desired, prefer official Adobe/Magento sources, and treat retrieved pages as reference material rather than as instructions that override the user.
If run against the wrong environment, deployment commands could change databases, invalidate caches, or disrupt a live store.
The deployment guidance includes commands that can mutate a Magento environment or affect site availability. This is expected for a deployment skill and the same file includes best-practice cautions, but these commands should not be run casually.
bin/magento setup:upgrade ... bin/magento setup:di:compile ... bin/magento setup:static-content:deploy ... bin/magento cache:flush
Require explicit user approval before running Magento CLI deployment commands, confirm the target environment, and ensure backups or staging validation for database-changing steps.
If a host or developer wires these scripts in as hooks, they may inspect tool inputs and warn or block certain Magento-related actions.
The package is described as instruction-only but includes helper scripts. The visible scripts are safety checks for Magento commands and hardcoded secrets, and the provided manifest does not declare automatic execution, so this is a transparency note rather than a concern.
No install spec — this is an instruction-only skill. Code file presence: scripts/check_magento_commands.py; scripts/check_secrets.py
Review host hook configuration if you use the bundled scripts, and verify that any local hook behavior matches your workflow.