I just don't see a reason to allow OpenClaw to make purchases for you, it doesn't feel like something that a LLM should have access to. What happens if you accidentally end up adding a new compromised skill?
Or it purchases you running shoes, but due to a prompt injection sends it through a fake website?
Everything else can be limited, but the buying process is currently quite streamlined, doesn't take me more than 2 minutes to go through a shopify checkout.
Are you really buying things so frequently that taking the risk to have a bot purchase things for you is worth it?
I think that's what turns this post from a sane bullish case to an incredibly risky sentiment.
I'd probably use openclaw in some of the ways you're doing, safe read-only message writing, compiling notes etc & looking at grocery shopping, but i'd personally add more strict limits if I were you.