CLISHOP

Security checks across malware telemetry and agentic risk

Overview

CLISHOP is a shopping plugin that openly supports real purchases, but its instructions allow high-impact account changes and reuse of stored personal data without clearly enforced confirmations.

Before installing, decide whether you are comfortable letting an agent access a shopping account that can save addresses, manage payment setup links, and place real orders. Use confirmations, conservative spending limits, and a dedicated profile, and ask the agent to confirm addresses and purchases before it acts.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

If the agent uses these tools too freely, it could place or cancel orders, change saved account details, or post reviews/advertising requests under the user's account.

Why it was flagged

These MCP tool capabilities can change shopping-account state, create public or business-facing content, and initiate real financial activity.

Skill content

- place and cancel orders
- manage addresses and payment methods
- write reviews and handle support tickets
- create advertise requests and review bids

Recommendation

Install only if you intend to delegate shopping actions; require explicit confirmation for purchases and account changes, set low spending limits, and use a dedicated test profile where possible.

ASI06: Memory and Context Poisoning
Medium
What this means

A stale, incorrect, or poisoned memory entry could cause the wrong personal address to be saved or used for an order.

Why it was flagged

The skill instructs the agent to reuse stored or prior-context personal address data to write into the shopping account without an explicit fresh confirmation step.

Skill content

If no suitable address exists and the user's home address is already available in memory or earlier conversation context, call `clishop__add_address` directly instead of asking the user to type it again.

Recommendation

Require the agent to show and confirm address details before saving them, setting defaults, or using them for purchases.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone or anything with access to the stored session data may be able to act as the user within CLISHOP.

Why it was flagged

Persistent session tokens are expected for this authenticated shopping integration, but they give the runtime ongoing account access, and the local-file fallback path is not specified.

Skill content

Authentication tokens are stored by the CLISHOP runtime in the OS keychain when available, or local file storage otherwise.

Recommendation

Use a dedicated CLISHOP account or agent profile, review where tokens are stored, and revoke sessions if the device or workspace is shared or compromised.

ASI05: Unexpected Code Execution
Low
What this means

The plugin depends on trusting the bundled runtime code as well as the visible skill instructions.

Why it was flagged

The bundle launches a local JavaScript MCP runtime. This is disclosed and purpose-aligned, but it means installing the skill runs bundled code locally.

Skill content

"command": "node", "args": ["./dist/mcp.cjs"]

Recommendation

Install only from a trusted publisher/source and keep the plugin updated; review the bundled runtime if you need high assurance.