Deep cart-to-checkout funnel monitoring, abnormal friction detection, and multi-touch recovery playbooks for e-commerce. Use this skill whenever the user men...
Security Analysis
high confidence
This instruction-only skill is coherent with its stated purpose (abandoned-checkout monitoring and recovery playbooks), requests no credentials or installs, and stays within the domain it describes.
The skill's name, description, and SKILL.md align: it is a diagnostic + playbook generator for cart→checkout abandonment. It asks for platform, markets/currency, funnel metrics, payment methods, and existing outreach — all relevant to the stated goal. No unrelated binaries, env vars, or config paths are requested.
The SKILL.md is prescriptive (requires a multi-block 'full playbook' and a structured master table with at least four rows). It instructs the agent to read the included reference playbook and to infer context from the conversation, asking only missing questions. It does not instruct reading system files, environment variables, or contacting external endpoints. Note: the policy is 'pushy' — the skill will produce long, structured output even for vague merchant questions, which is a design choice (not a security issue) but may produce lengthy disclosures if a user supplies logs or data.
No install spec and no code files that execute — instruction-only. This is low-risk: nothing is downloaded or written to disk by the skill itself.
The skill declares no required environment variables, no credentials, and no config paths. All requested context (platform, metrics, payment methods, existing outreach) is appropriate for its function.
always:false (no forced inclusion). Model invocation is permitted (default) but not combined with any credential requests or system-level changes. The skill does not request persistent system modifications or access to other skills' configs.
Guidance
This skill appears internally consistent and low-risk: it only contains instructions and reference docs to generate checkout-diagnostic playbooks, and it asks for no credentials or installs. Before installing, consider:
(1) The skill is designed to always produce a long, structured playbook (table + checkout friction checklist + gateway troubleshooting + three-email sequence) even for vague questions. If you prefer short answers for simple inventory or order-status queries, do not rely on this skill for those.
(2) The skill may ask you to supply funnel metrics, payment error codes, or sample logs to validate hypotheses. Avoid pasting raw payment logs, full PII, or admin credentials; provide aggregated or anonymized metrics instead.
(3) Recovery-email drafts may implicate legal/compliance requirements (CAN-SPAM, GDPR consent, local rules). Review any outreach plans with your legal/compliance team before sending.
(4) If you want the agent to act autonomously across systems or to fetch logs from your platform, do not provide admin keys or live credentials to the agent; instead, extract and share only the minimally necessary aggregated data.
Overall: technically benign and coherent; the primary non-security concern is its mandatory verbose output model and how much data you choose to share when following its instrumentation requests.
Latest Release
v0.1.1
Version 0.1.1 of abandoned-checkout-monitor is an English translation and adaptation of the original Chinese skill documentation.
- All documentation and guidelines converted fully to English, with context and examples rewritten for global e-commerce audiences.
- Trigger conditions and exclusions updated to use concise English phrases and broader applicability.
- Mandatory output structure, report outlines, and example tables retained; field names and explanations presented in English.
- Tone and instructions clarified for users familiar with international e-commerce platforms and best practices.
Published by @RIJOYAI on ClawHub