Creem Agent

Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill is aligned with Creem store operations, but it can act autonomously with a Creem API key, including creating discounts and posting billing links without asking first.

Install only if you want an autonomous Creem operations agent. Before use, scope the Creem API key, make discount creation and billing-link posting require confirmation, restrict Discord posting to private allowlisted channels, and know that heartbeat state is stored under ~/.creem.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could change store discount data or expose a customer billing portal link before the user reviews the action.

Why it was flagged

This directs the agent to use tools for sensitive customer/account actions immediately, including posting billing links and creating discounts, without requiring user confirmation.

Skill content

For failed payment (`past_due`) → immediately run `creem customers billing <customerId>` and post the portal link. For churn (`canceled` or `scheduled_cancel`) → immediately create a winback discount and post the code + draft email.

Recommendation

Require explicit user approval before creating discounts or posting billing portal links, and restrict products, discount size/duration, and posting destinations.
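One way to implement that recommendation is a policy gate that the agent must pass every tool call through: read-only actions proceed, but anything that changes store data or posts externally is first checked against hard limits (allowed products, maximum discount size and duration) and then held until the user has explicitly approved it. The code below is an added illustration, not part of the skill or of Creem's CLI; the action names, product ids and limit values are constructed placeholders.

```python
"""Approval gate for an autonomous store-operations agent (added example)."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy values; the real skill exposes none of these names.
MAX_DISCOUNT_PERCENT = 20
MAX_DISCOUNT_DURATION_DAYS = 30
ALLOWED_PRODUCTS = {"prod_basic", "prod_pro"}   # constructed product ids

# Actions the finding flags as sensitive: they change store data or post externally.
NEEDS_APPROVAL = {"create_discount", "post_billing_link"}


@dataclass
class Action:
    kind: str
    params: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str


def validate_limits(action: Action) -> Optional[str]:
    """Return a rejection reason if the action exceeds a hard limit, else None."""
    p = action.params
    if action.kind == "create_discount":
        if p.get("product_id") not in ALLOWED_PRODUCTS:
            return "product not in allowlist"
        if p.get("percent", 0) > MAX_DISCOUNT_PERCENT:
            return "discount exceeds %d%%" % MAX_DISCOUNT_PERCENT
        if p.get("duration_days", 0) > MAX_DISCOUNT_DURATION_DAYS:
            return "discount lasts longer than %d days" % MAX_DISCOUNT_DURATION_DAYS
    return None


def evaluate(action: Action, approved_by_user: bool) -> Decision:
    """Hard limits first; then sensitive actions wait for explicit user approval.

    Approval never overrides a limit: an over-sized discount is rejected even if
    the user said yes, so a mis-click cannot widen the blast radius.
    """
    reason = validate_limits(action)
    if reason:
        return Decision(False, "rejected: " + reason)
    if action.kind in NEEDS_APPROVAL and not approved_by_user:
        return Decision(False, "pending: user approval required for " + action.kind)
    return Decision(True, "allowed")


if __name__ == "__main__":
    winback = Action("create_discount",
                     {"product_id": "prod_pro", "percent": 15, "duration_days": 14})
    print(evaluate(Action("list_subscriptions"), approved_by_user=False))
    print(evaluate(winback, approved_by_user=False))   # pending
    print(evaluate(winback, approved_by_user=True))    # allowed
```

In an agent runtime the `approved_by_user` flag would come from an interactive confirmation step; the point of keeping `validate_limits` separate is that the limits are enforced before the user is even asked, so the prompt only ever shows actions that are already within policy.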

What this means

If this template is applied, the agent may continue monitoring and acting on store events in the background.

Why it was flagged

The template configures recurring unattended execution with direct tool policy allowed, which can keep the agent operating beyond a single user request.

Skill content

"heartbeat": { "every": "30m", "target": "last", "directPolicy": "allow", "lightContext": true, "isolatedSession": true }

Recommendation

Make the heartbeat opt-in, document how to disable it, and use an approval-required policy for any action that changes store data or posts externally.

What this means

Installing and running the skill grants it access to Creem account operations available to the supplied API key.

Why it was flagged

The skill needs the Creem API key to perform its stated store-management purpose, but that credential is powerful and is also used for raw API calls.

Skill content

Before running your first `creem` command, ALWAYS ensure you are authenticated by running: `creem login --api-key $CREEM_API_KEY`

Recommendation

Use the least-privileged Creem key available, avoid production credentials until tested, and rotate the key if the skill is removed or no longer trusted.

What this means

Revenue, churn, failed-payment, or billing-link information could be posted into Discord channels if configured.

Why it was flagged

The template enables Discord output using a bot token; this is purpose-aligned for alerts but means store-health or customer-related updates may leave the local session.

Skill content

"discord": { "enabled": true, "token": { "source": "env", "provider": "default", "id": "DISCORD_BOT_TOKEN" }, "groupPolicy": "allowlist" }

Recommendation

Limit the bot to private allowlisted channels and avoid posting secrets, customer portal links, or unnecessary customer identifiers.
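The channel allowlist covers where a message may go; the second half of the recommendation, not posting secrets, portal links or customer identifiers, needs a filter on what goes. The following added example (not the skill's code) sketches an outbound filter: it refuses any channel outside a private allowlist and redacts the three categories from the message text. The URL shape for billing portal links, the `cust_` customer-id prefix and the `creem_` key prefix are constructed assumptions for the demo, not Creem's actual formats.

```python
"""Outbound Discord message filter for store-health alerts (added example)."""
import re

# Constructed allowlist: only a private operations channel may receive posts.
ALLOWED_CHANNELS = {"ops-private"}

# Constructed patterns; the real identifier formats are assumptions for this demo.
PORTAL_URL = re.compile(r"https?://\S*billing\S*", re.IGNORECASE)   # billing portal links
CUSTOMER_ID = re.compile(r"\bcust_[A-Za-z0-9]+\b")                  # customer identifiers
SECRET_LIKE = re.compile(r"\bcreem_[A-Za-z0-9_]{8,}\b")              # api-key-like tokens


def redact(text: str) -> str:
    """Remove the categories the audit says should not leave the local session."""
    text = SECRET_LIKE.sub("[secret withheld]", text)
    text = PORTAL_URL.sub("[billing portal link withheld]", text)
    text = CUSTOMER_ID.sub("cust_[redacted]", text)
    return text


def prepare_post(channel: str, text: str):
    """Return (ok, message). Non-allowlisted channels are refused outright."""
    if channel not in ALLOWED_CHANNELS:
        return False, "refused: channel %r is not allowlisted" % channel
    return True, redact(text)


if __name__ == "__main__":
    # Constructed alert text of the kind the heartbeat might produce.
    alert = ("Failed payment for cust_8f3k2: "
             "https://pay.example.com/billing/abc123 (logged in with creem_abcdefghijk)")
    print(prepare_post("ops-private", alert))
    print(prepare_post("general", alert))
```

Running the filter before the bot call means the portal link can still be surfaced to the operator locally (where the finding says it belongs) while the Discord copy only says that a failed payment occurred.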

What this means

A local file will contain business operational metadata and can influence future heartbeat alerts.

Why it was flagged

The heartbeat script persists subscription IDs/statuses and counts locally to detect future changes, which is purpose-aligned but creates reusable local state.

Skill content

STATE_FILE = Path(os.path.expanduser("~/.creem/heartbeat-state.json")) ... "knownSubscriptions": current_known

Recommendation

Protect the ~/.creem directory, document retention expectations, and delete the state file if you want the agent to forget prior heartbeat state.
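To make "protect the ~/.creem directory" concrete, here is an added example (not the skill's heartbeat script) of how such state can be persisted: the directory is created owner-only (0700), the file is written atomically and left owner read/write (0600), and the same subscription snapshot comparison the finding describes is shown so the two halves of the heartbeat, detection and persistence, can be seen together. The default path matches the one quoted from the skill; the snapshot format (subscription id to status) and the helper names are assumptions.

```python
"""Heartbeat state persisted with restrictive permissions (added example)."""
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, Optional

DEFAULT_STATE_FILE = Path(os.path.expanduser("~/.creem/heartbeat-state.json"))


def load_state(path: Path) -> dict:
    """Read the previous snapshot, or start empty on first run."""
    if not path.exists():
        return {"knownSubscriptions": {}}
    with open(path) as f:
        return json.load(f)


def save_state(path: Path, state: dict) -> None:
    """Write atomically into an owner-only directory; the file ends up 0600."""
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, stat.S_IRWXU)                       # 0700
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".heartbeat-")
    with os.fdopen(fd, "w") as f:                             # mkstemp opens 0600
        json.dump(state, f)
    os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)                # be explicit: 0600
    os.replace(tmp, path)                                     # atomic rename


def diff_subscriptions(known: Dict[str, str], current: Dict[str, str]) -> dict:
    """Compare two id -> status snapshots; this is what drives the alerts."""
    events = {"new": [], "changed": [], "removed": []}
    for sid, status in current.items():
        if sid not in known:
            events["new"].append(sid)
        elif known[sid] != status:
            events["changed"].append((sid, known[sid], status))
    for sid in known:
        if sid not in current:
            events["removed"].append(sid)
    return events


def run_heartbeat(path: Path, current: Dict[str, str]) -> dict:
    """One heartbeat tick: diff against stored state, then store the new snapshot."""
    state = load_state(path)
    events = diff_subscriptions(state.get("knownSubscriptions", {}), current)
    save_state(path, {"knownSubscriptions": current})
    return events


def temp_state_path() -> Path:
    """A throwaway location for demos/tests so the real ~/.creem is untouched."""
    return Path(tempfile.mkdtemp()) / "creem" / "heartbeat-state.json"


def mode_of(path: Path) -> int:
    """Permission bits of a path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    p = temp_state_path()
    # Constructed snapshots standing in for `creem` subscription listings.
    print(run_heartbeat(p, {"sub_1": "active", "sub_2": "active"}))
    print(run_heartbeat(p, {"sub_1": "past_due", "sub_3": "active"}))
    print(oct(mode_of(p)), oct(mode_of(p.parent)))
```

Deleting the state file resets the comparison, which is exactly the "forget prior heartbeat state" behaviour the recommendation mentions: the next tick then reports every subscription as new. Note that the snapshot still holds subscription identifiers, so the permission bits are a mitigation for other local users, not a substitute for deciding how long the file should be retained.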

What this means

Users may be surprised if an install step creates a local ~/.creem directory or changes script permissions.

Why it was flagged

An install script is included even though the registry summary says there is no install spec; the script body is simple local setup, but the packaging metadata and script comment are not fully aligned.

Skill content

# This runs automatically when someone installs the skill from ClawHub ... chmod +x scripts/heartbeat.py ... mkdir -p ~/.creem

Recommendation

Align the registry install metadata with the package contents and clearly document whether install.sh is executed.