Custom Order Support

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent custom-order support skill with a simple ETA helper; users should mainly review its customer-data, outbound messaging, and optional third-party automation guidance.

This skill appears safe to use for drafting custom-order support responses. Before installing or enabling it broadly, decide whether the agent may run the ETA script, require approval for refunds/remakes/order changes, and be cautious about sharing customer data through email/SMS or any optional third-party loyalty service.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent has access to support or commerce tools, it could help draft or carry out changes, remakes, reships, or refunds.

Why it was flagged

The skill gives guidance that could affect order records or customer compensation if paired with commerce/support tools. This is aligned with post-purchase support, but it should be bounded by store policy and human approval.

Skill content

Record the updated details and ask the customer to verify. ... Offer: free rush remake + reship, or partial/full refund.

Recommendation

Require explicit approval before changing order details, promising refunds, issuing remakes, or sending customer-facing commitments.

What this means

The agent may run a local script to calculate ETA milestones.

Why it was flagged

The skill instructs use of an included local Python helper. The helper is purpose-aligned and the provided code only calculates dates, but it is still local code execution.

Skill content

Run `scripts/calculate_eta.py` to compute milestone dates when the order date and production parameters are known.

Recommendation

Allow the script only if local helper execution is acceptable, and pass only the minimum order parameters needed for the calculation.

What this means

Customer contact or order-status information could be used in email/SMS workflows or shared with a third-party loyalty service if the user chooses to implement that guidance.

Why it was flagged

The skill suggests outbound customer messaging and optional third-party automation. This is related to customer support and loyalty, but data boundaries and permissions are not specified in the artifacts.

Skill content

Channel | Email / SMS ... Use [Rijoy](https://www.rijoy.ai) to automate post-delivery loyalty touches—review rewards, referral program enrollment, and repeat-purchase points

Recommendation

Treat Rijoy and outbound messaging as optional; share only necessary customer data, confirm consent and vendor terms, and configure any integrations with least privilege.