Scout Commerce
Rating: Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s shopping and swap functions match its stated purpose, but it can use a saved transaction-authorizing API key to spend wallet funds without clear confirmation or limit controls.
Use this skill only with a limited-balance wallet and after explicit confirmation for each purchase or swap. Protect credentials.json, review the product/order details before running buy.py, prefer quote mode before swaps, and install dependencies in an isolated environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent runs these commands too broadly or without confirming details, it could place orders or swap tokens using the user’s funded wallet.
The skill documents direct purchase and swap execution commands as normal actions, while quote mode is optional. The artifacts do not require an explicit user confirmation, final price check, or spending limit before funds can be used.
**Buy product** → `python buy.py amazon:B07GBZ4Q68` ... **Swap tokens** → `python swap.py SOL USDC 5` ... **Get swap quote** → `python swap.py --quote SOL USDC 5`
Only use buy or swap commands after an explicit user confirmation that includes product, price, quantity, token pair, amount, and acceptable slippage or total cost.
Anyone, or any agent process, with access to the credentials file could use the Scout wallet authority for purchases or swaps.
The saved API key is not just an identifier; the documentation says it can authorize wallet transactions and will be loaded automatically by commands.
API key loads automatically from `credentials.json` ... **Keep API key secure** - it authorizes transactions from your wallet.
Treat credentials.json like a wallet secret, restrict file access, fund the wallet only with limited amounts, and rotate or revoke the API key if exposed.
Dependency behavior could change depending on what versions are installed.
The skill includes Python dependencies with lower-bound version ranges and no lockfile in the provided artifacts. This is common, but it means future installs may resolve different package versions.
`x402[httpx,svm]>=2.0.0`
`solana>=0.34.0`
`solders>=0.21.0`
`base58>=2.1.0`
Install in an isolated environment and prefer pinned, reviewed dependency versions before using the skill with real funds.
Stored email and address data may be reused on future orders and should be protected and kept accurate.
The skill stores persistent shipping context in credentials.json and reuses it for future orders. This is purpose-aligned, but it is sensitive personal information and stale or incorrect data could affect purchases.
`"shipping_profile": { "email": "...", "address": "..." }`
Review credentials.json before purchases, remove stale shipping data, and delete the file if you no longer use the skill.
