Shop
v0.0.28Your personal shopping assistant — Search, Buy, Track, Return, and Re-order products through the best product catalog in the world.
⭐ 4· 850·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the instructions: search endpoints, similar-product queries, order tracking and an OAuth device flow for authenticated operations. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Runtime instructions stay within shopping scope: calling shop.app endpoints for search, similarity, auth and order operations; performing image downloads/ base64 encoding for similarity; and storing access/refresh tokens in ephemeral conversation memory. The doc explicitly forbids asking users to paste tokens. The instructions do require networking and the ability to poll the device-token endpoint — ensure your runtime permits that.
Install Mechanism
Instruction-only skill with no install spec and no code files, so nothing is being written to disk or downloaded during install.
Credentials
The skill declares no required environment variables or credentials. The only secrets used are OAuth tokens obtained via device-flow and the doc instructs they be stored only in ephemeral session memory — this is proportionate to order-tracking features.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill requests ephemeral session storage for tokens (normal). It does not request permanent system presence or modify other skills or system-wide settings.
Assessment
This skill appears coherent for shopping tasks. Before installing, confirm the runtime can perform network calls, fetch images, and store tokens only in ephemeral conversation memory (not persistent logs or files). Verify the shop.app endpoints are legitimate and that you are comfortable completing sign-in via the device-code URL shown in your browser. Do not paste tokens into chat (the skill also forbids this). If you plan to complete purchases, confirm checkout redirects/URLs go to expected merchant pages and handle payment information in a secure, trusted browser environment.Like a lobster shell, security has layers — review code before you run it.
latestvk97ddw2cjmzpvnjanaqqdazhw584cfa5shopvk97c47pw9dx76p0dn11jtqey7x83epj9shopifyvk97c47pw9dx76p0dn11jtqey7x83epj9shoppingvk97c47pw9dx76p0dn11jtqey7x83epj9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.