WooCommerce Order Guard
v1.0.0
Monitors new WooCommerce processing orders, auto-copies missing shipping addresses from billing, and emits one alert per new order for automation.
by Zero2Ai (@zero2ai-hub)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description, SKILL.md, and the Python script are coherent: all requests and actions relate to WooCommerce order monitoring and fixing. The script uses only the WooCommerce REST API and a local storage file; no unrelated capabilities or credentials are requested.
Instruction Scope
Instructions are limited to running the included script with a creds file and a storage path. The script only reads the provided creds file and the local deduplication file, calls the provided store URL, updates orders via the WooCommerce API, prints outputs, and writes the dedup store. Minor implementation notes: the code does not check the HTTP response from the PUT requests (no raise_for_status on updates) and has no file-locking, so concurrent runs could race or silently fail—these are hygiene/usability concerns, not evidence of malicious behavior.
Install Mechanism
No install spec; this is instruction-only plus a single Python script requiring the 'requests' library. That is proportionate and low-risk compared with download/install behaviors.
Credentials
The skill requires WooCommerce API credentials provided via a local JSON file (consumerKey/consumerSecret). This is appropriate and limited for the stated purpose. Users should note these are store credentials that grant API access (including write access for PUT), so the file must be protected. The registry metadata correctly lists no required environment variables; the credential is file-based rather than env-based.
Persistence & Privilege
The skill does not request permanent platform-wide presence (always:false) and doesn't modify other skills. It will perform privileged actions on the WooCommerce store (PUT orders) if given API keys — this is expected but important: anyone who supplies keys is granting the skill the ability to change orders. Autonomous invocation is allowed by default (normal for skills); if you don't want the agent to run it without prompting, disable autonomous invocation when installing.
Assessment
This skill appears to do what it claims, but before installing: (1) Create WooCommerce API keys with the minimal required permissions (the script needs write access to update orders); (2) store the creds JSON securely (restrict file permissions) and prefer using a staging store first to confirm behavior; (3) be aware the script will perform PUT requests that change orders—only provide keys for stores you trust; (4) ensure the machine running the cron has Python 3 and the requests library, and that the storage directory exists and is writable by the runner; (5) if you plan concurrent runs, add file-locking or run single-instance cron to avoid race conditions; (6) consider improving error handling/logging (the script doesn't verify update responses). If you accept those points, the skill is coherent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
