AudTools Shopify Batch Collector
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running it with the wrong CSV or on the wrong page could submit many unintended collection jobs.
The script automatically submits every CSV link to AudTools with quantity 9999 at two-second intervals, which is exactly the stated purpose but can create many account-side actions quickly.
await page.fill(inputSelector, link); ... await page.fill(quantitySelector, '9999'); ... await submitButton.click(); ... await page.waitForTimeout(2000);
Use a small test CSV first, watch the browser during execution, and stop the run if the page or selected fields look wrong.
Actions are performed under the user's AudTools account and may affect that account's collection jobs or usage.
The skill may operate inside the user's logged-in AudTools account, but it discloses that login may be required and asks the user to log in manually rather than collecting credentials.
检测是否需要登录,需要登录会提醒你手动登录
Only log in with an account intended for this automation and confirm the account has appropriate permissions and usage limits.
Installing the skill may add external npm packages to the local environment.
The skill requires npm dependencies for browser automation and CSV parsing. This is expected for the purpose, and a package-lock is included, but installing dependencies still introduces normal third-party package supply-chain risk.
"dependencies": { "playwright": "^1.40.0", "csv-parser": "^3.0.0" }Run npm install from a trusted network and project directory, and review or pin dependency versions if your environment requires stricter supply-chain controls.