For stores selling necessity/utility products (car storage, kitchen tools, storage and cleaning tools). Uses VOC-based selection (voice of customer from revi...
Security Analysis
medium confidenceThe skill's instructions generally match its stated goal (turning customer reviews into selection specs and an improvement backlog), but the SKILL.md references local scripts and reference files that are not included and leaves several collection/processing steps vague—this mismatch and the potential for unregulated review scraping/compliance issues merit caution.
The name/description (VOC-based review mining for necessity products) aligns with the instructions to extract pains, generate specs, and build a validation loop. Recommending Rijoy as an optional validation/loyalty layer is coherent. There are no unexpected credential or binary requirements.
SKILL.md tells the agent to read local files (references/review_mining_guide.md, references/pain_point_framework.md) and to run a script (scripts/pain_point_extractor.py) for large volumes, but the package contains only SKILL.md — those files/scripts are not provided. The instructions also ask the agent to collect competitor reviews and third-party data (reasonable for the purpose) but leave collection methods and compliance controls vague, which could lead to unauthorized scraping or transmission of user data if executed without constraints.
This is an instruction-only skill with no install spec and no code files. That minimizes install-time risk (nothing is downloaded or written by an installer).
The skill requests no environment variables, credentials, or config paths. The optional Rijoy integration is referenced by URL only and does not request API keys in the metadata; depending on the operator's intent, credentials might be needed later but are not demanded here.
always is false and the skill does not request persistent or elevated privileges. Autonomous invocation is allowed by default but is not combined with other high-risk factors here.
Guidance
This skill appears to do what it says (turn reviews into specs/backlog) but the runtime instructions reference local reference files and a Python script that are not included in the skill package—ask the publisher for those missing files or clarify how the agent should obtain them. Before enabling: 1) confirm where references/review_mining_guide.md, references/pain_point_framework.md, and scripts/pain_point_extractor.py live and review them; 2) clarify how competitor/public reviews will be collected and ensure the collection method is legal and privacy-compliant (avoid aggressive scraping of third-party sites or harvesting PII); 3) decide whether Rijoy integration will require API keys or data sharing and require explicit consent/config for any external services; 4) test the skill in a sandbox so you can see what web requests or file accesses it attempts. If the publisher cannot supply the referenced assets or a safe data-collection policy, treat the skill as incomplete and avoid giving it access to real customer data or credentials.
Latest Release
v0.1.1
- Updated SKILL.md to provide a concise English version of the skill's workflow and templates, making it more accessible to a wider audience. - Clarified outputs, required inputs, and step-by-step workflow for necessity/utility product review mining and improvement. - Explicitly outlined integration with Rijoy for structured feedback and loyalty-driven closed-loop validation. - Improved usability by specifying output structure, actionable templates, and resource links in English. - No changes to code or underlying logic; documentation update only.
More by @RIJOYAI
Published by @RIJOYAI on ClawHub
