ansz089

PrestaShop Bridge V1

by Ansz089 · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
134 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install prestashop-bridge-v1
Description
Secure skill pack for operating a PrestaShop 9 Bridge through a stable, signed, asynchronous API contract.
Usage Guidance
Do not install or use this pack until you confirm a few things:
  1. The registry/manifest shown to the platform should list the same required environment variables declared inside _meta.json and docs; if the platform shows none, ask the publisher why.
  2. Verify the package actually includes .env.bridge.example and examples.http referenced by the validator; those files appear to be missing from the provided manifest.
  3. Inspect validators/validate_examples.py: it contains a hard-coded SECRET used to compute example HMACs. Treat this as an example secret only and ensure you never deploy or reuse it in production.
  4. Confirm the package origin and homepage/source (source is unknown here); prefer packages with a verifiable upstream repo or publisher.
  5. If you plan to deploy, ensure secrets (oauth client secret, HMAC secrets, JWT private key, DATABASE_URL, REDIS_DSN) are provided through secure secret storage and not committed.
  6. Ask the publisher to fix metadata inconsistencies (registry requirements, included example files) and to remove or clearly label any embedded test secrets before trusting automated agents with these credentials.
Capability Analysis
Type: OpenClaw Skill
Name: prestashop-bridge-v1
Version: 1.0.3
The PrestaShop Bridge V1 skill bundle is a well-structured and security-focused integration for AI agents. It implements robust security measures including OAuth2 (RS256), HMAC-SHA256 request signing, and strict JSON schema validation (additionalProperties: false). The SKILL.md file contains safety-oriented 'Absolute refusal rules' that explicitly prohibit the agent from accessing the filesystem or database directly, ensuring it stays within the defined API boundary. The included validation script (validators/validate_examples.py) and comprehensive documentation demonstrate a high level of engineering rigor without any signs of malicious intent or obfuscation.
Capability Assessment
Purpose & Capability
The SKILL.md, README, openapi.yaml, and schemas consistently describe a PrestaShop Bridge that legitimately requires secrets (OAuth client credentials, JWT keys, HMAC secret), Redis and MySQL access. However the registry-level 'Requirements' summary (top of the provided metadata) lists no required environment variables or config paths, which is inconsistent with _meta.json, docs, and the validator that all declare many required runtime variables. This mismatch between published metadata and the package contents is a red flag (either metadata was omitted or the package may be incomplete).
Instruction Scope
The SKILL.md instructions themselves are narrowly scoped to API usage, signing, and polling and explicitly forbid direct DB/filesystem access. That is coherent for a bridge contract. However the included validator script reads local files and expects a .env file and examples.http; the SKILL.md and docs instruct maintainers to run the validator and to verify exact HMAC examples. The validator also embeds a fixed SECRET used to compute example HMACs, which leaks an example signing secret inside the package and increases the chance someone will accidentally reuse it.
Install Mechanism
This is an instruction-only pack with no install spec and no external downloads — low installation risk. The only code files are small validators/eval scripts included for local verification.
Credentials
The package (in _meta.json and docs) declares many sensitive environment variables (OAUTH_CLIENT_SECRET, JWT_PRIVATE_KEY_PATH, HMAC_SECRET_CURRENT/PREVIOUS, DATABASE_URL, REDIS_DSN, etc.), which are proportionate to the stated bridge purpose. The problem is the registry-level requirements shown to the platform were empty; that inconsistency could cause a user to install without providing required secrets. Additionally, validators/validate_examples.py embeds a long hex SECRET constant — this is a hard-coded secret inside the repo (not a platform requirement) and could be mistaken for a runtime secret or misused; it's poor hygiene and may aid attackers if reused.
Persistence & Privilege
The skill does not request permanent platform presence (always:false) and does not request elevated platform privileges. It does not modify other skills. Autonomous invocation remains enabled (normal), but there is no combination of 'always' plus broad credentials here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install prestashop-bridge-v1
  3. After installation, invoke the skill by name or use /prestashop-bridge-v1
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Version 1.0.3 fixes publication trust issues by aligning package version metadata, declaring the environment contract explicitly, replacing all placeholder HMAC signatures with exact computed values, and strengthening local validation for examples and runtime requirements.
v1.0.1
Improved trust and validation for PrestaShop Bridge V1. Added quickstart, environment guide, trust and safety documentation, a local validator, split examples, schema-bound examples, and a clearer security policy.
v1.0.0
PrestaShop Bridge V1 1.0.1 introduces an extensive security and operational contract for stable interaction with PrestaShop 9 via modern API best practices.
  - OAuth2 (client credentials) with JWT (RS256) required for authentication and scope-based access.
  - HMAC SHA256 signing mandatory for all protected endpoints; includes strict signing protocol.
  - Synchronous reads, asynchronous writes, job polling, strict idempotency via X-Request-ID.
  - Complete API docs for core operations: read/write products/orders, import, and job status.
  - Rate limits, payload limits (10MB), compression guidelines, and explicit error/response handling documented.
  - Robust security, refusal, and usage rules laid out for reliability and compliance.
Metadata
Slug prestashop-bridge-v1
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is PrestaShop Bridge V1?

Secure skill pack for operating a PrestaShop 9 Bridge through a stable, signed, asynchronous API contract. It is an AI Agent Skill for Claude Code / OpenClaw, with 134 downloads so far.

How do I install PrestaShop Bridge V1?

Run "/install prestashop-bridge-v1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PrestaShop Bridge V1 free?

Yes, PrestaShop Bridge V1 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PrestaShop Bridge V1 support?

PrestaShop Bridge V1 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created PrestaShop Bridge V1?

It is built and maintained by Ansz089 (@ansz089); the current version is v1.0.3.
