← 返回 Skills 市场
hussainpatan9

Order & Returns Manager

作者 Hussain Khuzema · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
88
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install order-returns-manager
功能描述
Manage UK-compliant Shopify and WooCommerce orders via chat, including status, returns, refunds, exchanges, edits, fraud flags, lost parcels, and reports.
安全使用建议
This skill appears to do what it says (managing orders on Shopify/WooCommerce), but the published metadata inaccurately claims 'no credentials required' while the instructions require you to supply store API tokens and to let the bot store them. Before installing or using it: - Treat the required API tokens as highly sensitive. Create a dedicated custom app or API key pair with the minimum necessary scopes (least privilege) rather than using an owner/admin token. Limit write scopes where possible and rotate/revoke keys after testing. - Ask the skill/vendor (or the platform) where the tokens are stored: is the agent memory encrypted at rest, who can access it, and how long are keys retained? Confirm a way to delete or revoke stored credentials. - Don’t paste tokens into public channels. Prefer to enter them via a secure settings UI if available. - If you cannot verify secure storage or origin of the skill (source is unknown, no homepage), consider rejecting it or testing first with a low-privilege test store account and test tokens. - If you decide to proceed in production, limit liability by using an account with only the necessary Shopify/WooCommerce scopes and by monitoring access and token usage for anomalous activity. If the publisher can (a) update the registry metadata to declare required credentials, and (b) document how secrets are stored/secured and how to revoke them, that would materially reduce the concern.
功能分析
Type: OpenClaw Skill Name: order-returns-manager Version: 1.0.0 The 'Order & Returns Manager' skill is a legitimate tool designed to manage Shopify and WooCommerce store operations. It handles sensitive tasks such as processing refunds, fulfilling orders, and detecting fraud, but includes robust business logic and safety guardrails, such as enforcing UK Consumer Rights Act compliance and requiring manual approval for high-value transactions. The instructions explicitly forbid the AI from logging or repeating access tokens (SKILL.md), and all network activity is directed toward the user's own store endpoints or well-known shipping carriers. No evidence of data exfiltration, malicious code execution, or harmful prompt injection was found.
能力标签
cryptorequires-walletcan-make-purchases
能力评估
Purpose & Capability
The skill's functionality (manage Shopify and WooCommerce orders, returns, refunds, fulfilments) legitimately requires store API credentials and the Shopify admin scopes the CONFIG.md lists. However the registry metadata declares no required environment variables or primary credential — that contradicts the SKILL.md which instructs the agent to ask for and store SHOPIFY_ACCESS_TOKEN / WC_CONSUMER_KEY / WC_CONSUMER_SECRET. This metadata/instruction mismatch is an incoherence that should be resolved.
Instruction Scope
SKILL.md is detailed and stays within the stated purpose: it prescribes REST calls to Shopify and WooCommerce, carrier web_fetch fallbacks, and UK-law checks. It instructs the agent to ask the user for API tokens and to store them under orders_config in memory. The instructions do not require unrelated files or credentials, but they do not specify secure storage, retention policy, or where memory persists — leaving sensitive tokens potentially stored long-term without safeguards.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). That reduces surface area because nothing is downloaded or written by an installer. The skill relies on runtime network calls and agent memory rather than installing binaries.
Credentials
The set of secrets the skill needs (Shopify access token and WooCommerce consumer key/secret) is proportionate to the feature set. The concern is that the published registry metadata lists NO required credentials while the runtime instructions explicitly request sensitive API tokens. Also the skill asks to store these tokens in agent memory but gives no guidance about encryption, access controls, or retention — which is a material omission for secrets.
Persistence & Privilege
The skill is not 'always' enabled and does not request elevated system privileges. However it does instruct the agent to 'ask once and store' API tokens and other config in memory (orders_config) — this implies persistent storage in the agent's memory store. Confirm whether that memory is encrypted, who can read it, and how to revoke tokens; absence of that detail is a privacy/security risk but not proof of malicious intent.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install order-returns-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /order-returns-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Order & Returns Manager skill initial release. - Manage Shopify and WooCommerce orders end-to-end from WhatsApp, Telegram, or any OpenClaw channel. - Supports order status checks, live tracking links, returns/exchanges, refunds, inventory restock, order edits, fraud flagging, and fulfilment reports. - Fully UK-focused: built-in Consumer Rights Act 2015 compliance and major carrier claim links (Royal Mail, DPD, Evri, DHL, Parcelforce). - Automated setup: asks for and stores only essential store config on first use. - Never displays or logs sensitive access tokens. - Smart order search, return eligibility checks, and clear guidance for all workflows.
元数据
Slug order-returns-manager
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Order & Returns Manager 是什么?

Manage UK-compliant Shopify and WooCommerce orders via chat, including status, returns, refunds, exchanges, edits, fraud flags, lost parcels, and reports. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 88 次。

如何安装 Order & Returns Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install order-returns-manager」即可一键安装,无需额外配置。

Order & Returns Manager 是免费的吗?

是的,Order & Returns Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Order & Returns Manager 支持哪些平台?

Order & Returns Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Order & Returns Manager?

由 Hussain Khuzema(@hussainpatan9)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论