Shopflow Read-only Packet

Guides installation and connection to Shopflow's local MCP server for read-only submission readiness checks without live store claims.

This packet appears to do what it says: it teaches how to attach a local, read-only Shopflow MCP server. Before you run anything, do the following: (1) add/confirm required binaries in the manifest (git, Node.js, and pnpm) so metadata matches behavior; (2) review the GitHub repo (https://github.com/xiaojiou176-open/shopflow-suite.git) and package.json/scripts to ensure you trust what pnpm install and pnpm mcp:stdio will run; (3) run installs and the MCP server in a sandbox or isolated environment (not on a production host) if you have any doubt; (4) prefer to clone the repo locally and inspect files before executing; and (5) note this skill does not request credentials, but running third‑party installs will contact npm/GitHub and fetch remote code — treat that as the main risk. If you want higher assurance, ask the skill author to declare required binaries in manifest and to provide checksums or an official release URL for the referenced repo.

Type: OpenClaw Skill Name: shopflow-read-only-packet Version: 1.0.0 The skill bundle instructs the agent to perform high-risk operations, including cloning an external GitHub repository (github.com/xiaojiou176-open/shopflow-suite.git) and executing 'pnpm install' to set up a local MCP server. While these actions are aligned with the stated purpose of integrating the Shopflow suite and the documentation includes safety boundaries (e.g., 'Must not claim' sections in SKILL.md), the reliance on external code execution and shell access via pnpm/git constitutes a significant attack surface. There is no evidence of intentional malice, but the inherent risk of RCE via third-party dependencies warrants a suspicious classification.