Firm Ecommerce Pack
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: firm-ecommerce-pack
Version: 1.0.0
The skill bundle is classified as suspicious due to potential prompt injection vulnerabilities. The `SKILL.md` file contains `bash` code blocks with `npx clawhub@latest install` commands. While these are likely intended as user-facing recommendations, an AI agent susceptible to prompt injection could misinterpret and execute these commands, leading to the unintended installation of other OpenClaw skills. Additionally, the `sessions_spawn` tool is listed in `metadata.openclaw.tools`, which, depending on its capabilities, could allow the agent to execute arbitrary commands, further increasing the risk of unintended actions if combined with prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the recommended companion skills may add new capabilities, integrations, or account access that this bundle itself does not contain.
The skill recommends installing multiple companion skills from ClawHub. This is expected for a bundle, but those additional skills are outside this artifact set and should be reviewed separately.
npx clawhub@latest install activecampaign ... airtable-automation ... biz-reporter ... firm-orchestration ... firm-delivery-export
Review each recommended skill’s permissions, credentials, and behavior before installing it.
If combined with commerce or payment tools, an agent could interpret this workflow as permission to issue refunds.
A sample prompt describes automatic refunds. The skill does not provide payment credentials or refund code, and the example is user-directed, but real refund actions would be financially impactful if connected through other tools.
constraints: ["SLA: 24h response", "auto-refund for orders < €50"] ... definition_of_done: "Resolution report: refunds processed, root cause, prevention plan"
Require explicit confirmation before processing refunds, credits, customer messages, or other account-changing actions.
Information shared during orchestration may be sent between spawned sessions or reused from session history.
The skill declares session send, spawn, and history tools, indicating multi-agent/session orchestration. This aligns with the firm-pack purpose but can move context between sessions.
tools:
- sessions_send
- sessions_spawn
- sessions_history
Avoid including unnecessary sensitive customer, payment, or business data in orchestration prompts, and verify how companion orchestration tools handle session boundaries.
Project artifacts, summaries, or context may persist locally and influence later work.
The suggested configuration uses a persistent local workspace path. This is normal for project orchestration, but outputs and context may remain available for later tasks.
"workspace": "~/.openclaw/workspace/ecommerce-firm"
Use a dedicated workspace for each business/client context and clean it up when no longer needed.
