Medusa Commerce
PassAudited by ClawScan on May 13, 2026.
Overview
The provided artifacts look like a coherent Medusa development guidance bundle, with disclosed documentation lookups and no evidence of hidden credential use, persistence, exfiltration, or destructive automation.
This appears safe to use as a Medusa v2 development helper. Expect it to consult live official docs and still review generated code, migrations, admin/API changes, and any omitted skill files before applying them to a real store or database.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may browse external Medusa documentation before generating code, which can improve accuracy but introduces reliance on retrieved web content.
This directs the agent to use web-search or web-fetch tools as part of normal coding work. It is clearly disclosed and aligned with the skill's goal of producing current Medusa v2 guidance.
Before writing any Medusa implementation code, you MUST web-search and/or web-fetch the relevant official documentation.
Allow this behavior if you want current framework guidance; otherwise restrict web tools or ask the agent to use only locally provided documentation.