deco-apps-vtex-review

The skill aligns well with its stated purpose: auditing and fixing VTEX integration concerns in a Deco-backed apps-start context. The footprint is proportionate and focused on legitimate VTEX IO/API interactions (cookie management, auth headers, required order form sections, sc handling, and hook parity). No evidence of unverifiable binaries, credential harvesting, or external data exfiltration is present. Security posture appears benign with a low-to-moderate risk profile, largely due to standard VTEX integration patterns and HttpOnly cookie handling. Ensure ongoing adherence to the explicit audit checks (no hardcoded cookies, proper sc handling, and removal of debug logs) to maintain a benign risk posture.