ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

High Repeat Small Goods Ops

v0.1.2

E-commerce operations workflow for "high-repeat small goods" stores (cosmetics, phone cases, accessories, small jewelry, daily FMCG). Trigger whenever the us...

0· 327·0 current·0 all-time
byRIJOY-AI@rijoyai·duplicate of @yy204831-commits/high-repeat-small-goods-ops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (operations playbooks for high-repeat small-goods stores) is consistent with the SKILL.md: the instructions focus on diagnosing funnels, producing weekly execution plans, templates, cadence tables, and SOPs. There are no unrelated requirements (no cloud creds, no system binaries).
Instruction Scope
Runtime instructions are limited to asking clarifying questions, normalizing user-provided metrics/screenshots, diagnosing funnels, and producing structured playbooks and templates. The instructions do not tell the agent to read system files, access environment variables, call external endpoints, or exfiltrate data. Note: the skill asks the user to provide metrics or screenshots — those may contain sensitive business data and should be shared deliberately.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes risk because nothing is written to disk or downloaded as part of the skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only data it needs are user-supplied metrics, pages, or screenshots, which are reasonable for an ops advisory skill.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent agent presence or system-wide config changes. Autonomous invocation is allowed by platform default but not escalated by this skill's metadata.
Assessment
This instruction-only skill appears coherent and low-risk: it will ask for store metrics, platform mix, product details, screenshots, and goals and then output playbooks and templates. Before installing or using it: (1) avoid pasting credentials, API keys, or full customer lists — provide only aggregate metrics or redacted screenshots; (2) treat any suggested operational changes as recommendations and validate them (inventory, legal/marketing constraints, compliance) before applying; (3) test the skill with non-sensitive example data first to confirm outputs match your expectations; (4) if you need the agent to act on live systems (publish pages, change ads, access analytics), prefer a separate integration that uses least-privilege credentials and explicit consent rather than copy/pasting secrets into the chat.

Like a lobster shell, security has layers — review code before you run it.

latestvk975x36sjxeg759qjj77xstqt982n63j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments