ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shopify Payment Optimizer

v1.0.0

Cross-border payment solution comparison for Shopify stores. Compare fees, settlement speed, currency support, and risk profile across Airwallex, WorldFirst,...

0· 113·0 current·0 all-time
by@mguozhen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mguozhen/shopify-payment-optimizer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Shopify Payment Optimizer" (mguozhen/shopify-payment-optimizer) from ClawHub.
Skill page: https://clawhub.ai/mguozhen/shopify-payment-optimizer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install shopify-payment-optimizer

ClawHub CLI

Package manager switcher

npx clawhub@latest install shopify-payment-optimizer
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, SKILL.md and analyze.sh are coherent: they implement a Shopify cross-border payment comparison. However, the file analyze.sh calls external binaries (openclaw and python3) even though the registry metadata lists no required binaries; that omission is an inconsistency the author should have declared.
Instruction Scope
SKILL.md instructions themselves stay on-task (compare providers, produce tables, check KYC). The included analyze.sh accepts user input and forwards it verbatim into a prompt passed to a local 'openclaw agent' invocation; this nested agent call may access broader context or networked LLMs and will transmit whatever the user provides to that process. The instructions do not tell the agent to read unrelated files or env vars, but the script's runtime behavior effectively delegates processing to another agent process.
Install Mechanism
No install spec (instruction-only plus a small script). Nothing is downloaded or written to disk by an installer; risk from install mechanism is low. The script itself will execute at runtime if invoked.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for this use case. However, analyze.sh relies on external tools (openclaw, python3) and on whatever configuration those tools use by default—so runtime may access model credentials or network endpoints implicitly. That implicit access is not declared.
Persistence & Privilege
Skill flags: always:false and user-invocable:true. The skill does not request persistent/system-wide privileges or modify other skills. No 'always' or privileged settings are present.
What to consider before installing
This skill appears to do what it says, but take these precautions before installing or running it: - Inspect analyze.sh carefully (you already have it). It runs 'openclaw agent' and python3; ensure you trust the openclaw CLI on your system. The registry metadata should have declared these binaries but did not. - Understand data flow: the script forwards whatever you type directly into a prompt passed to a model process. Do not supply sensitive data (API keys, passwords, full business credentials) to this skill unless you know where the model runs and who can access it. - If you run it, do so in a sandbox/captured environment first to observe network calls and process behavior (e.g., monitor outbound connections). Verify whether the openclaw CLI uses remote models or local-only inference. - Ask the publisher to update metadata to list required binaries (openclaw, python3) and to explain whether the openclaw CLI transmits data to remote services and which credentials/config it uses by default. If you need low-risk use, prefer a version of the skill that does not invoke external agent CLIs or that documents and limits where prompts are sent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d4q2k0br2zzb6zrk7vby52s83d7k6
113downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@mguozhen
latest
Download

Shopify Payment Optimizer

Find the best cross-border payment stack for your Shopify store's volume, markets, and currency needs.

Usage

payment: compare options for $50K/month US sales
settlement: best option for EU sales paying to China
payment optimizer: dropshipping store 10 countries
cross-border payment: new store under $5K/month

What You Get

  1. Fee Comparison Table — transaction fees, FX spread, withdrawal fees
  2. Settlement Speed Analysis — T+0 to T+7 breakdown by provider
  3. Currency Coverage Map — which provider covers your target markets
  4. Risk & Compliance Assessment — account freeze risk, reserve policies
  5. Recommended Stack — primary + backup payment combination
  6. Setup Checklist — documents needed, approval timeline
  7. Cost Savings Calculator — estimated annual savings vs PayPal-only

Comments

Loading comments...