Shopping Expert
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may consume API quota or incur provider-side usage tied to the user's API keys.
The script uses provider API keys from environment variables for SerpAPI and Google Places, which is expected for this integration but gives the skill access to those services under the user's quota or billing account.
SERPAPI_KEY = os.environ.get("SERPAPI_API_KEY")
PLACES_API_KEY = os.environ.get("GOOGLE_PLACES_API_KEY")
Use scoped provider API keys where possible, monitor quota/billing, and avoid sharing keys in prompts or logs.
Search terms, preferences, country, and local location strings may be transmitted to third-party APIs.
The script sends search parameters to SerpAPI and Google Places. This is consistent with the stated purpose, but product searches and local location queries are shared with external providers.
SERP_BASE_URL = "https://serpapi.com/search"
PLACES_BASE_URL = "https://places.googleapis.com/v1"
...
response = requests.get(SERP_BASE_URL, params=params, timeout=30)
...
response = requests.post(url, json=body, headers=headers, timeout=30)
Do not use highly sensitive addresses or private purchasing details unless you are comfortable sending them to the configured providers.
Dependency versions may vary over time depending on the package resolver and available packages.
The uv-run script declares runtime Python dependencies using lower-bound version constraints. This is common and purpose-aligned, but it relies on package resolution from the Python package ecosystem rather than fully pinned versions.
# dependencies = [
#   "requests>=2.31.0",
#   "urllib3>=2.0.0",
# ]
Install in a normal isolated environment and, for stricter reproducibility, pin or lock dependencies before deploying in sensitive environments.
