by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's purpose (Shopify email segmentation) matches its behavior, but the included script invokes a local OpenClaw agent and python3 while the manifest declares no required binaries — this mismatch and the fact that the script forwards arbitrary user input to a model/agent are worth caution.
评估建议
This skill appears to do what it says (generate Shopify email segmentation strategies), but review these points before installing or running it:
- The included analyze.sh calls an 'openclaw' CLI and python3, yet the skill manifest lists no required binaries. Ensure you have and trust the 'openclaw' binary on your system and that python3 is available.
- 'openclaw agent --local' may be a wrapper that sends data to remote services or requires API keys. Verify how your local OpenClaw agent is confi...详细分析 ▾
ℹ 用途与能力
The SKILL.md and the included analyze.sh both aim to generate an email segmentation strategy for Shopify stores — that is coherent. However, the manifest lists no required binaries while analyze.sh clearly depends on an 'openclaw' CLI and python3 (and a POSIX shell). The missing dependency declaration is an inconsistency: a user installing this skill would legitimately need those binaries.
ℹ 指令范围
The SKILL.md instructions themselves stay within the advertised scope (segments, flows, calendars, playbooks). The analyze.sh script takes arbitrary user input and injects it into a prompt that is passed to 'openclaw agent --local', then parses the agent's JSON output with python3. That means whatever text the user supplies is forwarded to the OpenClaw agent/process. There are no explicit steps that read unrelated local files or environment variables, and there are no HTTP endpoints called directly from the script, but the behavior depends on what the 'openclaw' CLI does (local-only vs network).
✓ 安装机制
There is no install spec (instruction-only), so nothing is automatically downloaded or written to disk by an installer. The only code shipped is analyze.sh (already present in the skill). This is lower risk than an installer that fetches external archives, but the script requires runtime tools not declared in the manifest.
ℹ 凭证需求
The manifest requests no environment variables or credentials, which fits the skill's apparent purpose. However, analyze.sh delegates to an 'openclaw' agent — that agent may itself require credentials or forward data to remote models/services. Because the skill does not document those requirements, it's unclear whether secrets (API keys, model tokens) might be used or needed at runtime.
✓ 持久化与权限
The skill does not request persistent presence (always:false) and does not modify system or other skill configs. It simply runs a script when invoked, so there are no elevated persistence or privilege indicators.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/23
Initial release — provides a complete framework for Shopify email list segmentation and email marketing. - Includes 10 core customer segment blueprints tailored for e-commerce. - Delivers an RFM analysis model for smarter targeting. - Provides ready-to-deploy automated email flow maps for Klaviyo and MailChimp. - Supplies a 12-month segment-specific campaign calendar and subject line formulas. - Incorporates revenue attribution guidelines and a prioritised A/B testing roadmap.
● 无害
安装命令 点击复制
官方npx clawhub@latest install shopify-email-segmentation
镜像加速npx clawhub@latest install shopify-email-segmentation --registry https://cn.clawhub-mirror.com
技能文档
Build a high-converting email marketing system with smart segmentation for your Shopify store.
Usage
email segmentation: pet accessories store 5,000 subscribers
Klaviyo: set up segments for fashion brand
email marketing: build flows for new Shopify store
email automation: $200K/year store improve retention
What You Get
- Segment Architecture — 10 core segments every Shopify store needs
- RFM Analysis Framework — Recency, Frequency, Monetary scoring model
- Automated Flow Map — 8 essential Klaviyo/MailChimp flows
- Campaign Calendar — 12-month email calendar by segment
- Subject Line Playbook — formulas by segment type
- Revenue Attribution — expected % of revenue from email
- A/B Testing Roadmap — what to test first and how
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制