WooCommerce Automation

SUSPICIOUS. The business functions are broadly aligned with a WooCommerce automation skill, but install trust and backend identity are not fully coherent: the ecosystem uses transitive skill installation and same-org unpinned installers, and this skill names an `ecommerce-mcp` server that was not verified against the publisher while the repo documents a different MCP server. No strong evidence of credential theft or overt exfiltration appears in the skill text, so this is better classified as medium security risk rather than confirmed malware.