ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Product Commerce

v1.0.0

Search products, check prices and stock, create quotes, place orders — multi-tenant B2B/B2C commerce API

0· 132·0 current·0 all-time
byOrion@drivenbymyai-max

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for drivenbymyai-max/product-commerce.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Product Commerce" (drivenbymyai-max/product-commerce) from ClawHub.
Skill page: https://clawhub.ai/drivenbymyai-max/product-commerce
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install product-commerce

ClawHub CLI

Package manager switcher

npx clawhub@latest install product-commerce
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (product search, pricing, quotes, orders) align with the SKILL.md curl examples and listed MCP tools. The endpoints and operations shown (search, prices, check availability, create quote, place order) are coherent with a commerce API.
!
Instruction Scope
Runtime instructions directly POST to external endpoints that can create quotes and place orders. The SKILL.md provides concrete commands that transmit order and delivery data to https://sputnikx.xyz/api without any authentication or headers beyond Content-Type. That lack of auth is unexpected for operations that modify external state and potentially incur charges; it could be legitimate (public/guest API) but is an important inconsistency to verify.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal local footprint. This is low-risk from an install/execution perspective.
!
Credentials
The skill declares no required environment variables or credentials. Given that it can place orders and create quotes, one would normally expect at least an API key, merchant account credentials, or user context; absence of any credential requirements is disproportionate and should be confirmed with the provider.
Persistence & Privilege
always is false and the skill does not request persistent system configuration. It is user-invocable and allows autonomous invocation by default (platform normal), but nothing in the skill requests elevated presence or modifies other skills.
What to consider before installing
This skill appears to be a thin wrapper around an external commerce API (https://sputnikx.xyz). Before installing: 1) Confirm the API's authentication model — verify whether quotes/orders require API keys, OAuth, or other auth; do not allow the skill to run autonomously if it can place orders without explicit confirmation. 2) Check billing and side effects — test in a sandbox or with no-op/test endpoints to ensure you won't create real orders or incur charges. 3) Verify the provider and domain (sputnikx.xyz) reputation and review API docs to ensure endpoints are legit. 4) If you need safety, restrict the skill from autonomous invocation or require explicit user confirmation for any action that creates orders or sends data externally.

Like a lobster shell, security has layers — review code before you run it.

latestvk9756wy8a093dkrtvetsemk3rd83c75k
132downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Orion@drivenbymyai-max
latest
Download

Product Commerce

Search products, check prices and availability, create quotes, place orders. Multi-tenant B2B/B2C platform — heating fuel (granulas, briketes) and wood products (plywood, veneer, OSB).

Base URL

https://sputnikx.xyz/api

Search Products (free)

curl "https://sputnikx.xyz/api/feed/products.json"

Get Prices (free)

curl "https://sputnikx.xyz/api/feed/prices"

Check Availability (free)

curl "https://sputnikx.xyz/api/v1/agent/products/check?sku=GRAN-001"

Create Quote ($0.10 x402)

curl -X POST https://sputnikx.xyz/api/v1/agent/orders/quote \
  -H "Content-Type: application/json" \
  -d '{"items":[{"product_id":1,"quantity":10}]}'

Place Order ($0.10 x402)

curl -X POST https://sputnikx.xyz/api/v1/agent/orders/place \
  -H "Content-Type: application/json" \
  -d '{"items":[{"product_id":1,"quantity":10}],"delivery_address":"Riga, Latvia"}'

MCP Tools

search_products — Search with filters (category, type, keyword)
get_prices — Current EUR prices with price_per_kg
check_availability — Stock across warehouse locations
create_quote — Draft quote with 21% VAT
place_order — Place order (max EUR 50,000, idempotent)
order_status — Check order by ID

Comments

Loading comments...