Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
icosmos shop
v0.0.1 · Shopify store operations/diagnostics skill: pulls store domains and tokens from Supabase, runs anomaly detection on storefront theme, products, checkout and metrics, and can publish traffic-driving blog posts (the only write operation).
⭐ 0 · 149 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The SKILL.md describes a Shopify diagnostic tool (read-only plus a single blog-publish write action), which is coherent with the skill name. However the doc also says it pulls shop domains and API tokens from Supabase and requires ICOSMOS_USER_EMAIL / ICOSMOS_USER_PASSWORD to 'sync' tokens to a local cache — none of these required credentials or the Supabase endpoint/key are declared in the registry metadata. The need for a user password to read a Supabase-stored token is unexplained and disproportionate without more context.
Instruction Scope
Instructions direct the agent to fetch tokens from Supabase, run a locally present CLI named 'icosmos-shopify', and write tokens to a local cache. There is no guidance about the Supabase connection (URL/keys), where the local cache is stored, or how long tokens persist. While the diagnostic steps themselves are within the stated purpose, the instructions involve reading and persisting sensitive secrets (shop tokens) without specifying protections or provenance, and they assume the presence of a local binary that was not provided.
Install Mechanism
This is instruction-only and has no install spec, yet the SKILL.md repeatedly references a local CLI ('./icosmos-shopify' or current-dir binary). The registry metadata lists no required binaries. That mismatch is a red flag: the skill will not work unless an external binary is supplied, and there is no secure or reviewed install mechanism or provenance for that binary described.
Credentials
Registry metadata declares no required env vars, but SKILL.md requires ICOSMOS_USER_EMAIL and ICOSMOS_USER_PASSWORD (to be saved as system environment variables) and optionally SHOPIFY_API_VERSION. It also implies access to Supabase-held tokens but does not declare or justify Supabase credentials. Requesting a user password stored as an env var and pulling API tokens from an external DB, without declaring the required secrets, is disproportionate and inconsistent.
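The recurring finding in the sections above (Purpose & Capability, Instruction Scope, Install Mechanism, Credentials) is a mismatch between what the registry metadata declares and what SKILL.md actually tells the agent to set and run. The Python below is an added example of that consistency check, not code from ClawHub, OpenClaw or the skill's author. The registry record, the `requires` key layout and the SKILL.md excerpt are all constructed for the example; the excerpt reuses only the identifiers the scan quotes (ICOSMOS_USER_EMAIL, ICOSMOS_USER_PASSWORD, SHOPIFY_API_VERSION, ./icosmos-shopify) and is not the skill's real text.

```python
import re

# Constructed registry record for this example: it declares no required
# environment variables and no required binaries, mirroring the scan finding.
# The "requires" layout is an assumption, not ClawHub's real schema.
REGISTRY_METADATA = {
    "name": "icosmos-shop",
    "version": "0.0.1",
    "requires": {"env": [], "bins": []},
}

# Constructed SKILL.md excerpt. Only the identifiers come from the scan report;
# the sentences are invented for the example and are not the skill's own text.
SKILL_MD = """\
# icosmos shop

Set ICOSMOS_USER_EMAIL and ICOSMOS_USER_PASSWORD in your system env.
SHOPIFY_API_VERSION is optional.

Run `./icosmos-shopify sync` to pull shop tokens from Supabase into the local cache.
Run `./icosmos-shopify diagnose --shop example.myshopify.com`.
Publishing requires `./icosmos-shopify publish --confirm`.
"""

# SCREAMING_SNAKE_CASE tokens of three or more characters; underscore is a word
# character, so \b brackets the whole name.
ENV_VAR_RE = re.compile(r"\b[A-Z][A-Z0-9_]{2,}\b")
# Executables invoked relative to the current directory, e.g. ./icosmos-shopify
LOCAL_BIN_RE = re.compile(r"\./([A-Za-z0-9_.-]+)")
# All-caps words that are not environment variables; extend for your corpus.
ENV_EXCLUDE = {"MIT", "API", "URL", "CLI", "README", "SKILL"}
# Name fragments that mark a variable as carrying a credential.
SECRET_MARKERS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN", "KEY", "CREDENTIAL")


def referenced_env_vars(text: str) -> set[str]:
    """Environment variable names SKILL.md tells the agent to set or read."""
    return {m for m in ENV_VAR_RE.findall(text) if m not in ENV_EXCLUDE}


def referenced_local_binaries(text: str) -> set[str]:
    """Binaries SKILL.md runs from the skill directory (./name)."""
    return set(LOCAL_BIN_RE.findall(text))


def find_undeclared(skill_md: str, metadata: dict) -> dict[str, list[str]]:
    """Names SKILL.md depends on that the registry record does not declare."""
    requires = metadata.get("requires", {})
    declared_env = set(requires.get("env", []))
    declared_bins = set(requires.get("bins", []))
    return {
        "env": sorted(referenced_env_vars(skill_md) - declared_env),
        "bins": sorted(referenced_local_binaries(skill_md) - declared_bins),
    }


def secret_like(names) -> list[str]:
    """Subset of names whose spelling indicates a password, token or key."""
    return sorted(n for n in names if any(mk in n for mk in SECRET_MARKERS))


def verdict(findings: dict[str, list[str]]) -> str:
    """Triage the mismatch.

    'suspicious' when SKILL.md needs a secret-bearing variable or a local binary
    the registry never declared; 'review' for other undeclared variables;
    'ok' when everything referenced is declared.
    """
    if secret_like(findings["env"]) or findings["bins"]:
        return "suspicious"
    if findings["env"]:
        return "review"
    return "ok"


if __name__ == "__main__":
    found = find_undeclared(SKILL_MD, REGISTRY_METADATA)
    print("undeclared env vars:", found["env"])
    print("  of which secret-like:", secret_like(found["env"]))
    print("undeclared binaries: ", found["bins"])
    print("verdict:", verdict(found))
```

The triage deliberately treats an undeclared password-style variable and an undeclared local binary as the serious cases: the first means a user credential flows into the agent's environment without the registry ever surfacing it, and the second means the skill cannot run without a file of unknown origin. Undeclared non-secret variables such as an API version are a documentation gap rather than a trust problem, so they only produce 'review'.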
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). However SKILL.md instructs syncing tokens to a local cache (persistence) which increases long-term privilege: cached tokens could be reused by the agent later. The document claims log redaction and requires an explicit '--confirm' for publish actions, which are mitigating controls if honestly implemented — but their implementation is not provided here.
What to consider before installing
Do not install or enable this skill yet. Ask the publisher for:
(1) source code or an install package and a verifiable origin for the 'icosmos-shopify' binary;
(2) the exact Supabase connection details (URL, required credentials) and why ICOSMOS_USER_EMAIL/ICOSMOS_USER_PASSWORD are needed;
(3) where and how tokens are cached on disk and how long they persist;
(4) proof that log redaction and the '--confirm' publish guard are actually enforced.
If you must test it, run it in an isolated environment (ephemeral VM/container), avoid setting global env vars for passwords, and provide minimally-scoped Shopify tokens (least privilege). If you cannot get clear answers and source/install provenance, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97e78rv7v0bn4ewt3ktkb8p2s832t2p
