ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shopify Dropshipping Finder

v1.0.0

Dropshipping product research and supplier evaluation for Shopify stores. Analyze product viability, find reliable suppliers, estimate margins, and build a w...

0· 140·0 current·0 all-time
by@mguozhen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mguozhen/shopify-dropshipping-finder.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Shopify Dropshipping Finder" (mguozhen/shopify-dropshipping-finder) from ClawHub.
Skill page: https://clawhub.ai/mguozhen/shopify-dropshipping-finder
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install shopify-dropshipping-finder

ClawHub CLI

Package manager switcher

npx clawhub@latest install shopify-dropshipping-finder
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to perform dropshipping research and indeed constructs a research prompt and prints a report, which is coherent. However, the included analyze.sh requires the local 'openclaw' agent CLI and python3 at runtime, but the skill declares no required binaries. That mismatch (undeclared dependencies) is a coherence problem — a user installing this skill may not realize it will invoke a local agent binary.
Instruction Scope
The SKILL.md and analyze.sh stay within the stated purpose: building a product research prompt, calling a local agent to generate analysis, and printing the result. The script does not read arbitrary system files or request environment variables. However, it invokes 'openclaw agent --local', which may cause the local agent to send the prompt (and therefore any user-provided input) to configured model backends or plugins; that forwarding behavior is not documented in the skill and is an implicit side-effect users should be aware of.
Install Mechanism
There is no install spec — the skill is instruction-only with one shell script. No remote downloads or archive extraction are present. That minimizes installation risk, but runtime dependency execution still occurs when analyze.sh runs.
Credentials
The skill declares no required environment variables or credentials and the script does not reference any ENV vars. This is proportionate to the stated purpose. Note: the local 'openclaw' agent invoked by the script may itself read or use environment variables from the host environment depending on its configuration.
Persistence & Privilege
The skill is not force-installed (always:false) and is user-invocable. It does invoke the local agent CLI ('openclaw agent --local'), enabling nested/recursive agent activity at runtime — this increases blast radius if the local agent is configured with network access or plugins, but the skill itself does not request persistent privileges or modify other skills.
What to consider before installing
This skill is mostly coherent with its stated purpose, but take these precautions before installing or running it: - Inspect and confirm you have the required runtime tools: the script calls 'openclaw' and 'python3' but the skill lists no required binaries. If you don't want the skill to run the local OpenClaw agent, do not run analyze.sh. - Understand what your local OpenClaw agent does: 'openclaw agent --local' may forward prompts to remote model endpoints, plugins, or other skills. Check your agent's configuration and network permissions so you know where your prompts and any example data will be sent. - Run in a sandboxed environment first (or with network disabled) to observe behavior and ensure no unexpected network calls are made. - If you plan to use it regularly, consider adding explicit dependencies to the skill metadata (openclaw, python3) or editing the script to fail with a clear error if those binaries are missing. - If you have sensitive data or secrets on the machine, don't pass them to this skill and verify the local agent cannot access them or environment variables you care about. Given the undeclared runtime dependencies and implicit local-agent forwarding behavior, proceed cautiously and verify the environment the skill will run in.

Like a lobster shell, security has layers — review code before you run it.

latestvk9704jhmtkbpmy01gmdc90gj9x83fgvv
140downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@mguozhen
latest
Download

Shopify Dropshipping Finder

Evaluate dropshipping product opportunities and build a supplier + product strategy for your Shopify store.

Usage

dropshipping: evaluate phone accessories niche
supplier: find reliable source for yoga mats
dropship: analyze margin potential for home decor
product sourcing: pet accessories under $15 COGS

What You Get

  1. Product Viability Score — market demand, competition, margin potential
  2. Supplier Evaluation Matrix — reliability, quality, shipping speed scores
  3. Margin Calculator — COGS, shipping, ad spend, Shopify fees → net profit
  4. Winning Product Criteria — what makes a product dropship-worthy
  5. Top Supplier Platforms — ranked comparison for this niche
  6. Differentiation Strategy — how to stand out in saturated niches
  7. Scale-Up Roadmap — from dropshipping to private label

Comments

Loading comments...