Latest release: v1.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The manifest, package metadata, AGENTS.md, and visible skill files consistently describe Medusa v2, Next.js, Node.js, and TypeScript development guidance.
Instruction Scope
The instructions require the agent to consult live Medusa documentation before writing implementation code. This is disclosed and purpose-aligned, but users should expect web-search/web-fetch behavior.
Install Mechanism
No install spec, package scripts, dependencies, required binaries, or required environment variables are declared. The included Python scripts are visible and appear to be local safety checks rather than hidden installers.
Credentials
The visible artifacts do not request credentials or local private data. External access is limited in the instructions to official Medusa and related development documentation.
Persistence & Privilege
No background service, persistence mechanism, credential store access, privilege escalation, or autonomous account mutation is shown in the provided artifacts.
Scan Findings in Context
[static-scan-clean] expected: The supplied static scan reports no suspicious patterns; the visible Python scripts only inspect local tool input to warn about destructive commands or hardcoded secrets.
Assessment
This appears safe to use as a Medusa v2 development helper. Expect it to consult live official docs and still review generated code, migrations, admin/API changes, and any omitted skill files before applying them to a real store or database.