Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
icosmos.space
v0.0.1 Shopify store operations/diagnostics skill: pulls the store domain and token from Supabase, runs anomaly detection on theme, products, checkout and metrics, and supports publishing traffic-driving blog posts (the only write operation).
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: medium
Purpose & Capability
The skill claims to be a Shopify audit/diagnostic tool (read-only, with a single write action to publish blogs). That purpose is coherent with operations like fetching shop, product, order, and blog data. However, the SKILL.md also says it will 'pull store domain & token from Supabase' and requires the user to save ICOSMOS_USER_EMAIL and ICOSMOS_USER_PASSWORD to environment variables; none of these required credentials or access mechanisms are declared in the registry metadata. The dependency on Supabase for tokens is plausible but not explained (no Supabase URL, anon/service key, or role described), making the credential flow unclear and disproportionate to the declared registry requirements.
Instruction Scope
The SKILL.md instructs the agent to sync tokens from Supabase, read shop data (orders, products, themes), redact sensitive fields, and only perform blog publish when --confirm is given. It also tells users to store ICOSMOS_USER_EMAIL and ICOSMOS_USER_PASSWORD in system environment variables and references a local CLI binary './icosmos-shopify'. The instructions thus assume access to: (a) Supabase-stored tokens, (b) user email/password stored in env, and (c) a local CLI. Those assumptions are not reflected in the declared requirements, and they involve handling sensitive data (admin tokens, order emails). The document's sanitization claims reduce risk but are implementation promises rather than verifiable controls.
Install Mechanism
There is no install spec and no code files (instruction-only), which is lowest-risk in theory. But the instructions expect a local CLI binary named icosmos-shopify in the current directory. The registry metadata lists no required binaries. This mismatch is important: the skill appears to rely on an external, unspecified binary (or code) that would need to be present or installed out-of-band, and that binary would perform the sensitive network and storage operations described.
Credentials
The SKILL.md requires ICOSMOS_USER_EMAIL and ICOSMOS_USER_PASSWORD to be saved in environment variables and references SHOPIFY_API_VERSION; it also expects access to stored Shopify admin tokens pulled from Supabase. Yet the skill metadata declares no required env vars or primary credential. Requesting user email/password and access to admin tokens is sensitive and should be explicitly declared and justified (why email/password rather than a Supabase service key? how are tokens protected?). The amount and type of sensitive access described is not proportional to the registry declarations.
Persistence & Privilege
The always flag is false and autonomous invocation is allowed (normal). The SKILL.md says it will 'sync shop & token to local cache' (setup once), implying it will persist fetched admin tokens locally. That behavior is not reflected in the metadata and has persistence/privacy implications (local storage of admin tokens). The skill does have an explicit guard for writes (blog publish requires --confirm), which is a positive control, but the persistence of tokens should be clarified (where they are stored, whether they are encrypted, their lifecycle, and how they are deleted or rotated).
What to consider before installing
Do not install or provide credentials yet. Ask the publisher to clarify:
(1) exactly how Supabase is authenticated (Supabase URL and which key/role is used) and why ICOSMOS_USER_EMAIL/ICOSMOS_USER_PASSWORD are needed instead of a service key;
(2) where the ./icosmos-shopify binary comes from (source repo or release), and to provide a reproducible install method;
(3) where and how fetched Shopify admin tokens are cached, encrypted, and rotated;
(4) what exact Shopify API scopes are required and why;
(5) whether sensitive fields are removed before any external transmission and which external endpoints are contacted.
If you proceed, limit exposure by using least-privilege credentials (narrow Shopify scopes, short-lived tokens or dedicated read-only tokens where possible), run the CLI in an isolated environment, review the CLI source or vendor-supplied binary, and never put long-lived admin keys in a shared environment until you have validated the implementation. If the publisher cannot answer these questions and provide an install method or source for the CLI, treat the skill as unsafe.
