Shop

Review

Audited by ClawScan on May 11, 2026.

Overview

This appears to be a real shopping integration, but it can access a Shop account and make purchases or reorders without the provided artifacts showing clear confirmation or spending controls.

Install only if you trust the publisher and want an agent to help with shopping through Shop. Do not let it complete purchases, reorders, returns, or account changes unless it first shows you the exact item, merchant, total cost, shipping address, and action for explicit approval.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could initiate purchases or reorder items through an authenticated account without the user noticing all costs, shipping details, or merchant terms.

Why it was flagged

Making purchases is a high-impact action involving money and account state. The supplied artifacts disclose the capability, but do not show clear confirmation, spending-limit, or review requirements before purchases or reorders.

Skill content

Capability signals: can-make-purchases; requires-oauth-token

Recommendation

Require an explicit user confirmation immediately before any purchase, reorder, return, or other account-mutating action, including item, merchant, total cost, shipping address, and refund/return terms.

What this means

Authenticated use may let the agent view order information and perform account-related shopping actions.

Why it was flagged

OAuth is purpose-aligned for order tracking and account functions, but it grants the agent delegated access to the user's Shop account.

Skill content

This skill does not need auth for searching products, but needs auth for order tracking in Shop.

Recommendation

Authenticate only when needed, verify the sign-in URL is on the expected Shop domain, and avoid using the authenticated features for unrelated tasks.

What this means

If session memory is leaked, logged, or reused incorrectly, someone could gain access to the user's Shop session for the remainder of the token lifetime.

Why it was flagged

The skill sensibly avoids asking users to paste tokens and limits token lifetime to the session, but access and refresh tokens in conversation memory remain sensitive and must not be exposed in outputs or reused across tasks.

Skill content

Store the following in your agent's conversation memory ... `access_token` ... `refresh_token` ... Tokens flow only through the API and are scoped to the current conversation session and should be discarded when the session ends.

Recommendation

Keep tokens in protected runtime storage when possible, never display them to the user or third parties, and clear them at the end of the conversation.

What this means

Users have less provenance information to confirm whether this shopping skill is published by the expected provider.

Why it was flagged

The registry metadata does not identify a source repository or homepage, which is worth noticing for a skill that asks users to authenticate and can make purchases.

Skill content

Source: unknown; Homepage: none

Recommendation

Before authenticating or purchasing, verify the skill publisher and ensure all sign-in and API URLs are on the expected shop.app domain.