productOptimizer

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This skill is transparent about its purpose, but it can use your BigCommerce write token to rewrite and publish product content across the whole store without pausing for approval.

Install only if you intentionally want a live BigCommerce catalog rewrite. Before running: export or back up your products, test on a small batch or a staging store, review page_N_updates.json before any update command, and use a least-privilege, Products-only token. After the job, revoke the token and delete the local JSON files.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI01: Agent Goal Hijack
What this means

The agent may continue changing product listings even when a user would reasonably expect a checkpoint or review opportunity.

Why it was flagged

The skill changes the normal stopping condition by instructing the agent not to pause during a bulk store-modification workflow.

Skill content
**CRITICAL: Do NOT stop between pages. Process ALL pages continuously until done.**
Recommendation

Require explicit user confirmation before starting, add review checkpoints, and allow the user to stop or approve each batch before updates are pushed.

What this means

Generated content can overwrite live public product listings, potentially affecting sales, SEO, brand presentation, or compliance.

Why it was flagged

The helper directly sends generated product names and descriptions to BigCommerce with a live API PUT request.

Skill content
payload["name"] = product["name"] ... payload["description"] = product["description"] ... api_put(args.store_hash, args.token, f"/catalog/products/{pid}", payload)
Recommendation

Add a dry-run mode, require human review of page_N_updates.json before PUT requests, validate/sanitize generated HTML, and keep a backup/export for rollback.
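The dry-run and sanitization step this recommendation asks for, written here as an added example; it is not code from the productOptimizer skill or from ClawScan. It diffs a constructed page_N_updates.json against the matching page_N_products.json, strips everything but a small tag allow-list from the generated HTML, and produces the plan a reviewer would approve before any PUT. The field names (id, name, description) follow the snippets quoted in the findings; the allow-list, the sample data, and the helper names are assumptions.

```python
# Added example, not code from the productOptimizer skill or from ClawScan: a dry-run
# step that diffs page_N_updates.json against page_N_products.json and sanitizes the
# generated HTML before anything could be PUT.  Field names (id, name, description)
# follow the snippets quoted in the findings; the tag allow-list is an assumption.
import json
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "ul", "ol", "li", "strong", "em", "b", "i"}  # assumption


class _TagStripper(HTMLParser):
    """Keep ALLOWED_TAGS without attributes, drop <script>/<style> bodies, and
    re-escape text so '&lt;' cannot turn back into a tag after unescaping."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes such as onclick= are discarded

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_html(fragment):
    parser = _TagStripper()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def plan_updates(products, updates):
    """Return (plan, skipped): plan has one before/after entry per product whose
    name or description would really change; skipped explains each refused update.
    Only entries in plan would ever be turned into a PUT payload."""
    before = {p["id"]: p for p in products}
    plan, skipped = [], []
    for upd in updates:
        pid = upd.get("id")
        if pid not in before:
            skipped.append((pid, "not in page_N_products.json"))
            continue
        old = before[pid]
        new_name = str(upd.get("name", old["name"])).strip()
        new_desc = sanitize_html(upd.get("description", old["description"]))
        if not new_name:
            skipped.append((pid, "empty name"))
            continue
        if new_name == old["name"] and new_desc == old["description"]:
            continue  # unchanged: no PUT needed for this product
        plan.append({"id": pid, "old_name": old["name"], "name": new_name,
                     "old_description": old["description"], "description": new_desc})
    return plan, skipped


def to_payload(entry):
    """The body the skill's PUT would carry, built only from a reviewed plan entry."""
    return {"name": entry["name"], "description": entry["description"]}


# Constructed samples standing in for page_1_products.json and page_1_updates.json.
SAMPLE_PRODUCTS = [
    {"id": 101, "sku": "SH-01", "price": 49.0, "name": "Trail Shoe", "description": "<p>Light trail shoe.</p>"},
    {"id": 102, "sku": "SH-02", "price": 59.0, "name": "Road Shoe", "description": "<p>Road shoe.</p>"},
    {"id": 103, "sku": "SH-03", "price": 39.0, "name": "Sandal", "description": "<p>Sandal.</p>"},
]
SAMPLE_UPDATES = [
    {"id": 101, "name": "Trail Shoe Pro",
     "description": '<p>Grippy <b onclick="steal()">trail</b> shoe.</p><script>alert(1)</script>'},
    {"id": 102, "name": "Road Shoe", "description": "<p>Road shoe.</p>"},  # unchanged
    {"id": 103, "name": "   "},                                          # empty name
    {"id": 999, "name": "Ghost"},                                        # not on this page
]

if __name__ == "__main__":
    plan, skipped = plan_updates(SAMPLE_PRODUCTS, SAMPLE_UPDATES)
    print(json.dumps(plan, indent=2))  # what a human reviews before any PUT
    print("skipped:", skipped)
```

Run it before the update command and read the printed plan: every entry shows the old and new name and description side by side, and anything the agent emitted for an unknown product or with an empty name is listed under skipped rather than silently sent. The allow-list is deliberately short; widen it only for tags your theme actually renders.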

Concern (High Confidence)
ASI08: Cascading Failures
What this means

A bad generation pattern, wrong brand voice, or mistaken update file could spread across many or all products before it is noticed.

Why it was flagged

The workflow is designed to keep propagating changes page by page across the catalog, even after individual failures.

Skill content
Then **IMMEDIATELY** proceed to the next page. Do NOT wait for user input. ... if one product fails, log it and continue to the next
Recommendation

Default to small batches, stop on unusual failure rates or quality issues, and require approval before continuing to the next page.
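The checkpoint and circuit breaker recommended for this finding and for ASI01 above, as an added example rather than code from the productOptimizer skill or from ClawScan. It wraps the per-product update loop so that nothing is sent until a confirm callback approves the page, every failure is counted instead of merely logged, the page is abandoned once the failure share crosses a threshold, and the next page is not started after a tripped or unapproved page. The 20 % threshold, the 5-update minimum sample, the injected send() standing in for api_put, and the sample pages are all assumptions.

```python
# Added example, not code from the productOptimizer skill or from ClawScan: a wrapper
# around the skill's per-product update loop that adds the review checkpoint missing
# from "Do NOT wait for user input" and a circuit breaker in place of "log it and
# continue".  The 20 % threshold and 5-update minimum sample are assumptions; api_put
# is replaced by an injected send() so the loop runs offline.
MAX_FAILURE_RATE = 0.2  # assumption: abandon the page above 20 % failures ...
MIN_SAMPLE = 5          # ... once at least 5 updates on it have been attempted


def should_halt(results, max_failure_rate=MAX_FAILURE_RATE, min_sample=MIN_SAMPLE):
    """Circuit breaker over the {product_id: ok} outcomes of the current page.
    A small sample is never judged, so one early 4xx does not stop a whole run."""
    if len(results) < min_sample:
        return False
    failed = sum(1 for ok in results.values() if not ok)
    return failed / len(results) > max_failure_rate


def push_page(page_no, plan, send, confirm, log=print):
    """Nothing is sent unless confirm(page_no, plan) returns True; every outcome
    is recorded; the page is abandoned as soon as should_halt() trips."""
    results = {}
    if not plan:
        return results
    if not confirm(page_no, plan):
        log(f"page {page_no}: {len(plan)} update(s) not approved, nothing sent")
        return results
    for entry in plan:
        pid = entry["id"]
        try:
            send(pid, {"name": entry["name"], "description": entry["description"]})
            results[pid] = True
        except Exception as exc:  # counted rather than silently skipped
            results[pid] = False
            log(f"page {page_no}: product {pid} failed: {exc}")
        if should_halt(results):
            log(f"page {page_no}: failure rate too high after {len(results)} updates, stopping")
            break
    return results


def run_pages(pages, send, confirm, log=print):
    """Page loop with a real stop condition: continue only if the previous page was
    approved, was not cut short by the breaker, and finished under the threshold."""
    history = {}
    for page_no, plan in enumerate(pages, start=1):
        results = push_page(page_no, plan, send, confirm, log)
        history[page_no] = results
        cut_short = len(results) < len(plan)  # not approved or breaker tripped
        if cut_short or should_halt(results, min_sample=1):
            log(f"stopping before page {page_no + 1}; review the history and re-run")
            break
    return history


def dry_run_sender(failing_ids=()):
    """Stand-in for api_put: records payloads instead of calling BigCommerce and
    raises for the ids in failing_ids so the breaker can be exercised offline."""
    sent = []

    def send(pid, payload):
        if pid in failing_ids:
            raise RuntimeError("simulated API error")
        sent.append((pid, payload))

    send.sent = sent
    return send


# Constructed sample: two reviewed pages of six updates each (page_N_updates.json).
SAMPLE_PAGES = [
    [{"id": i, "name": f"Product {i}", "description": f"<p>Item {i}</p>"} for i in range(1, 7)],
    [{"id": i, "name": f"Product {i}", "description": f"<p>Item {i}</p>"} for i in range(7, 13)],
]

if __name__ == "__main__":
    ask = lambda n, plan: input(f"push page {n} ({len(plan)} products)? [y/N] ").lower() == "y"
    print(run_pages(SAMPLE_PAGES, dry_run_sender(failing_ids={2, 3}), ask))
```

With the sample pages and ids 2 and 3 failing, the first page stops after its fifth update (two failures in five is 40 %) and the second page is never started, which is the behaviour the skill's "log it and continue" instruction removes. Replace dry_run_sender with the real PUT only after the dry run looks right, and keep confirm interactive so the agent cannot approve its own batch.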

What this means

Anyone or anything using that token can change product content within its scope.

Why it was flagged

A Products read/write token is expected for this integration, but it grants authority to modify the store catalog.

Skill content
**API Token** — a BigCommerce API v3 token with `Products` read+write scope
Recommendation

Use the least-privilege token possible, avoid broader store scopes, do not reuse long-lived admin tokens, and rotate or revoke the token after the job.

What this means

This may alter the system Python environment and depends on whatever package version is current at install time.

Why it was flagged

The setup asks the user to install an unpinned dependency while bypassing system package protections; requests is purpose-aligned, but this is not the safest install pattern.

Skill content
pip install requests --break-system-packages
Recommendation

Install in a virtual environment and pin a known-good requests version instead of using --break-system-packages.

What this means

Business-sensitive catalog data may remain in the working directory or logs after the run.

Why it was flagged

Fetched catalog details such as SKUs, prices, and descriptions are written to local JSON files and printed for the agent to read.

Skill content
"sku": p.get("sku", ""), "price": p.get("price", 0), ... json.dump(simplified, f, indent=2) ... print(json.dumps(simplified, indent=2))
Recommendation

Run it in a private workspace, avoid shared terminals/logs, and delete page_N_products.json, page_N_updates.json, and progress.json when no longer needed.

Note (High Confidence)
ASI10: Rogue Agents
What this means

Re-running the skill may continue a previous bulk update unless the progress file is removed or edited.

Why it was flagged

The skill persists run state and uses it to continue later. This is disclosed and not hidden, but it can resume a prior live-update workflow.

Skill content
**Always use progress.json** — if re-invoked, resume from where you left off
Recommendation

Inspect progress.json before re-running, and delete or archive it if you want a fresh start or want to prevent continuation.
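A pre-flight check covering this recommendation and the cleanup advice in the data-retention finding above, added here as an example; it is not code from the productOptimizer skill or from ClawScan. It refuses to resume from a progress.json written for a different store or older than a day, archives the file under a timestamped name instead of silently continuing, and deletes only the page_N_products.json, page_N_updates.json and progress.json leftovers when the job is done. The progress.json keys it reads (store_hash, next_page, updated_at), the 24-hour limit and the sample working directory are assumptions; the skill's real file layout may differ.

```python
# Added example, not code from the productOptimizer skill or from ClawScan: a
# pre-flight check for the files the skill leaves behind.  The progress.json keys
# (store_hash, next_page, updated_at) and the 24-hour limit are assumptions.
import json
import re
import tempfile
import time
from pathlib import Path

LEFTOVER = re.compile(r"^(page_\d+_(products|updates)|progress)\.json$")
MAX_AGE_HOURS = 24  # assumption: a resume older than a day needs a human decision


def inspect_progress(workdir, store_hash, now=None):
    """Return ('fresh', None), ('resume', state) or ('refuse', reason) so that a
    re-invocation never silently continues an old live update."""
    path = Path(workdir) / "progress.json"
    if not path.exists():
        return "fresh", None
    try:
        state = json.loads(path.read_text())
    except json.JSONDecodeError as exc:
        return "refuse", f"progress.json is not valid JSON: {exc}"
    if state.get("store_hash") != store_hash:
        return "refuse", "progress.json was written for a different store"
    current = time.time() if now is None else now
    age_h = (current - state.get("updated_at", 0)) / 3600
    if age_h > MAX_AGE_HOURS:
        return "refuse", f"progress.json is {age_h:.0f} h old; archive it before re-running"
    return "resume", state


def archive_progress(workdir, now=None):
    """Move progress.json aside under a timestamped name so a re-run starts fresh
    while the previous run's state stays reviewable.  Returns the new name or None."""
    path = Path(workdir) / "progress.json"
    if not path.exists():
        return None
    stamp = time.strftime("%Y%m%dT%H%M%S", time.gmtime(time.time() if now is None else now))
    target = path.with_name(f"progress.{stamp}.json")  # not matched by LEFTOVER
    path.rename(target)
    return target.name


def leftover_files(workdir):
    """Catalog extracts, update plans and run state the skill wrote into workdir."""
    return sorted(p.name for p in Path(workdir).iterdir() if LEFTOVER.match(p.name))


def cleanup(workdir):
    """Delete the leftovers (only names matching LEFTOVER, nothing else)."""
    removed = []
    for name in leftover_files(workdir):
        (Path(workdir) / name).unlink()
        removed.append(name)
    return removed


def make_sample_workdir(store_hash="abc123", updated_at=None):
    """Constructed working directory resembling what a run leaves behind."""
    workdir = Path(tempfile.mkdtemp(prefix="productOptimizer-"))
    (workdir / "page_1_products.json").write_text('[{"id": 101, "sku": "SH-01"}]')
    (workdir / "page_1_updates.json").write_text('[{"id": 101, "name": "Trail Shoe Pro"}]')
    (workdir / "notes.txt").write_text("not ours; must survive cleanup")
    (workdir / "progress.json").write_text(json.dumps(
        {"store_hash": store_hash, "next_page": 2,
         "updated_at": time.time() if updated_at is None else updated_at}))
    return workdir


if __name__ == "__main__":
    wd = make_sample_workdir()
    print(inspect_progress(wd, "abc123"))  # ('resume', {...})
    print(inspect_progress(wd, "other"))   # ('refuse', ...)
    print(archive_progress(wd), leftover_files(wd))
    print("removed:", cleanup(wd))
```

Call inspect_progress with the store hash you are about to pass to the skill; only a "resume" result means continuing is what you intended. Because the archived copy is renamed rather than deleted, the previous run's position survives for review, while cleanup removes the catalog extracts that hold SKUs and prices.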