Scan Report
5 /100
PriceTide
Shopping timing decision skill for Chinese e-commerce platforms that tells users whether to buy now, wait, watch for events, or stop chasing a price
PriceTide is a legitimate shopping timing decision skill with no security concerns - all capabilities are properly documented, no malicious patterns detected, and the only shell usage is a standard publishing script.
Safe to install
This skill is safe to use. The publish.sh script requires the clawhub CLI tool and is only used for publishing workflow.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | publish.sh reads package.json and CHANGELOG.md for metadata |
| Network | READ | READ | ✓ Aligned | SKILL.md declares browser workflow for public pages |
| Shell | WRITE | WRITE | ✓ Aligned | publish.sh executes clawhub CLI |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | Skill does not invoke other skills |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | READ | READ | ✓ Aligned | SKILL.md declares reading public product/campaign pages only |
| Database | NONE | NONE | — | No database access |
File Tree
8 files · 20.8 KB · 671 lines Markdown 4f · 592L
JSON 2f · 38L
Shell 1f · 37L
YAML 1f · 4L
├─
▾
agents
│ └─
openai.yaml
YAML
├─
▾
scripts
│ └─
publish.sh
Shell
├─
CHANGELOG.md
Markdown
├─
clawhub.json
JSON
├─
package.json
JSON
├─
README.md
Markdown
├─
RELEASE.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Comprehensive SKILL.md with clear capability declarations
✓ Safety boundary table explicitly lists what the agent can and cannot do
✓ Browser workflow limited to public pages with explicit stop points (no login, payment)
✓ No credential harvesting, data exfiltration, or obfuscation patterns
✓ Shell usage only in documented publishing script requiring CLI tool
✓ Clean codebase with no suspicious patterns (no base64, eval, direct IPs)
✓ MIT license with public GitHub repository reference