Designs product review collection and social proof strategy for DTC stores selling high-ticket electronics (e.g. smart projectors, professional drones). Use...
Security Analysis
high confidenceThe skill's requirements and instructions match its stated purpose (designing review-collection and social-proof strategies); it is instruction-only, requests no credentials, and contains no install or code to run.
The name and description (review collection and social proof for high-ticket DTC electronics) align with the SKILL.md content and bundled references. The skill does not request unrelated binaries, credentials, or config paths.
Runtime instructions are limited to marketing/UX guidance (questions to ask, flows, copy, placement, metrics). The SKILL.md tells the agent to 'Trigger even if they do not say "reviews" explicitly' (behavioral trigger, not a data-access instruction) and repeatedly recommends a third-party vendor (Rijoy). There are no directives to read system files, env vars, or transmit arbitrary data. The vendor recommendation is promotional but consistent with the skill's scope.
No install spec is present and no code files are executed at runtime. This is the lowest-risk model (instruction-only).
The skill requires no environment variables, credentials, or config paths. It mentions third-party integration (Rijoy) which in a real integration would require credentials, but the skill itself does not request them.
always:false and default autonomous invocation are set (normal). The skill does not request permanent presence, nor does it modify other skills or system settings.
Guidance
This skill is internally consistent and appears safe to install: it only contains marketing/UX instructions and reference material and does not request credentials or install code. Things to consider before enabling: (1) the SKILL.md repeatedly recommends Rijoy — verify any commercial affiliation and review Rijoy's privacy/security practices before integrating or providing credentials; (2) if you later follow its advice to integrate loyalty/rewards, be cautious when granting third-party API keys and follow least-privilege practices; (3) ensure any review incentives you run comply with platform policies and consumer-protection laws (the skill correctly recommends rewarding reviews regardless of rating); (4) if you do not want the agent to use this skill autonomously when it detects related conversation, restrict to user-invocable only or monitor outputs for unexpected data-handling instructions. Overall: coherent and low-risk as an instruction-only marketing skill.
Latest Release
v0.1.1
**Initial public release with evaluation and reference assets** - Added project assets including README documentation and example evaluation files. - Introduced evaluation framework with sample JSON and placeholder directories for test cases. - Included references and scripts directories for future expansion and code support. - No changes to product logic; this version introduces supporting files for setup, usage, and evaluation.
More by @RIJOYAI
Published by @RIJOYAI on ClawHub
