Amazon Shopper
v1.0.0
Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's purpose (buying and returning on Amazon via browser automation) is coherent with the SKILL.md instructions, but the registry metadata lists no required binaries or environment variables while the SKILL.md explicitly requires the agent-browser CLI, Chrome started with --remote-debugging-port, and suggests environment variables (AMAZON_SHIPPING_ADDRESS, AMAZON_PAYMENT_METHOD, AMAZON_RETURN_DROPOFF). That mismatch between declared requirements and runtime instructions is an incoherence.
Instruction Scope
The instructions tell the agent to connect to a locally running Chrome via CDP, open the user's persistent browser profile, manipulate order history, place orders, and process returns. They also instruct the agent to execute reorders "without confirmation" and to "execute the whole return silently" (do not narrate each step). These give the agent broad, sensitive authority (placing purchases/refunds) and encourage quiet automated actions rather than explicit user confirmation.
Install Mechanism
This is instruction-only with no install spec or downloaded code, which minimizes supply-chain risk. There is no installer that will write arbitrary code to disk as part of skill installation.
Credentials
Although the registry lists no required env vars or credentials, SKILL.md instructs setting AMAZON_SHIPPING_ADDRESS, AMAZON_PAYMENT_METHOD, and AMAZON_RETURN_DROPOFF and refers to a persisted browser profile at $HOME/.config/chrome-agent and to retrieving passwords from a password manager. The skill will use the user's existing authenticated browser session (cookies, stored payment methods), which is proportionate for a browser-automation shopper but is sensitive: the skill has access to account session data and order history and can act on it. The lack of declared env/credential requirements combined with these implicit sensitive accesses is an inconsistency.
Persistence & Privilege
always:false and normal autonomous invocation are used (no elevated metadata flag), but the skill depends on a persistent browser profile and remote-debugging access. Connecting to Chrome's remote debugging port gives the agent full control of the browser session (tabs, cookies, saved credentials). Combined with instructions to place orders/returns silently and to skip confirmation for reorders, this grants high-impact capabilities that merit caution.
What to consider before installing
This skill will connect to your local Chrome via the remote-debugging port and act inside your logged-in browser profile to read order history and place returns/orders. Before installing or running it:
1) Only use on a personal machine you fully control (not a shared or corporate device).
2) Consider that the skill's SKILL.md asks you to set environment variables and to retrieve passwords, but the registry metadata doesn't declare those — treat that as a sign of sloppy or incomplete packaging.
3) Require explicit confirmation for any purchase action (the skill currently instructs silent, no-confirmation reorders).
4) If you proceed, run Chrome in a dedicated profile with minimal saved payment data and use a throwaway/test account where possible.
5) Prefer skills that declare required binaries/credentials explicitly and/or provide verifiable source code; avoid giving an agent silent authority to perform monetary transactions.
6) If you need higher assurance, request the skill's source or an installable implementation so you can inspect what exact commands and data flows it will run.
Like a lobster shell, security has layers — review code before you run it.
latest
Amazon Ordering
Prerequisites
- agent-browser CLI installed
- Chrome running with --remote-debugging-port=9222 (see Starting the browser)
- Logged into Amazon — if logged out, retrieve password from your password manager
- If running headless (Linux/VNC), forward the VNC port to verify visually:
  ssh -L 6080:localhost:6080 <host> → http://localhost:6080/vnc.html
Setup
Set these environment variables or configure your defaults:
# Your default shipping address (verify on checkout)
export AMAZON_SHIPPING_ADDRESS="Your shipping address"
# Your preferred payment method description (verify on checkout)
export AMAZON_PAYMENT_METHOD="Your preferred card"
# Your preferred return drop-off location
export AMAZON_RETURN_DROPOFF="Whole Foods"
Always verify shipping address and payment method are correct before placing an order.
Returns
Default Answers (use unless user specifies otherwise)
- Return reason: "Changed Mind" → "My needs changed"
- Packaging opened: Yes
- Item in original packaging: Yes
- Have you used the item: Yes
- Signs of use: None
- Battery leaks/overheating: No
- All accessories included: Yes
- Refund type: Refund to original payment method (not replacement, not gift card)
- Drop-off location: Use AMAZON_RETURN_DROPOFF or Whole Foods
Return Flow
- Orders → Find item → "Return or replace items"
- Select "Changed Mind" → "My needs changed" → Continue
- Answer condition questions with defaults above
- Continue past "Get Product Support" suggestions
- Select "Refund to original payment method"
- Select drop-off location
- Confirm return
- Done — QR code will be emailed
Communication Style
- Do NOT narrate each step — just execute the whole return silently
- Only message the user once it's confirmed with a brief summary:
- Item name
- Refund amount
- Drop-off location & deadline
- If something goes wrong or needs clarification, then ask
Ordering Rules
Reorders (items ordered before)
- Go directly to order history, search for item
- Click "Buy it again"
- Verify address and payment method
- Place order without confirmation — no screenshot needed
New Items (never ordered before)
- Search or navigate to product
- Send screenshot of product page (scroll so price + product image visible, skip nav bars)
- Wait for user confirmation before adding to cart
- Verify address and payment method
- Place order after confirmation
Workflow
Connect to browser
agent-browser connect 9222
Always open a new tab — other sessions share the same Chrome. Use --new-tab on every open command.
Search order history
agent-browser open "https://www.amazon.com/gp/your-account/order-history"
agent-browser snapshot -i
# Find search box, fill with item name, click search
Reorder flow
# From order history search results
agent-browser click @[buy-it-again-ref]
# Wait for checkout page
agent-browser snapshot
# Verify correct address and payment method are selected
agent-browser click @[place-order-ref]
Screenshot tips
- Scroll past nav bars before screenshotting
- Ensure price and product image are both visible
- Save screenshots to a temporary directory
- Send via message tool with caption
Starting the browser (if not running)
macOS (opens a visible Chrome window):
open -na "Google Chrome" --args --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com
Linux (headless with Xvfb/VNC):
DISPLAY=:99 google-chrome --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com &
Linux (desktop/GUI session):
google-chrome --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com &
Notes
- Browser profile persists login at $HOME/.config/chrome-agent
- On headless Linux, VNC display is typically :99 on port 5999 (noVNC on 6080)
- Order confirmations go to the email on your Amazon account
- CAPTCHAs or 2FA may require manual intervention — if the browser window is visible (macOS or Linux desktop), ask the user to solve it in the Chrome window
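A check to run on the host where Chrome was started with --remote-debugging-port=9222: it confirms the DevTools port is bound to loopback only. This is an added example, not part of the skill or its SKILL.md; the function names and the sample ss lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of the skill): flag DevTools listeners that are
# reachable from other hosts. Input format is `ss -H -ltn` output:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Print each non-loopback local address listening on TCP port $1 (stdin = ss output).
non_loopback_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4
      if (!match(addr, /:[0-9]+$/)) next            # no numeric port field
      if (substr(addr, RSTART + 1) != port) next    # some other service
      host = substr(addr, 1, RSTART - 1)
      if (host ~ /^127\./ || host == "[::1]") next  # loopback bind: expected
      print addr
    }'
}

# Return 0 when the port is loopback-only (or not listening), 1 when exposed.
cdp_port_is_local_only() {
  exposed=$(non_loopback_listeners "$1")
  if [ -n "$exposed" ]; then
    printf 'port %s exposed on: %s\n' "$1" "$exposed" >&2
    return 1
  fi
  return 0
}

# Constructed sample: loopback listener, wildcard listener, unrelated sshd.
SAMPLE_EXPOSED='LISTEN 0 10  127.0.0.1:9222 0.0.0.0:*
LISTEN 0 10  0.0.0.0:9222   0.0.0.0:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*'

# Constructed sample: loopback-only listeners on IPv4 and IPv6.
SAMPLE_LOCAL='LISTEN 0 10 127.0.0.1:9222 0.0.0.0:*
LISTEN 0 10 [::1]:9222     [::]:*'

printf '%s\n' "$SAMPLE_EXPOSED" | cdp_port_is_local_only 9222 || echo "exposed sample: FAIL"
printf '%s\n' "$SAMPLE_LOCAL"   | cdp_port_is_local_only 9222 && echo "local sample: OK"

# Live check on the host running Chrome:
#   ss -H -ltn | cdp_port_is_local_only 9222
```

The DevTools endpoint has no authentication, so a loopback-only bind still leaves the browser session open to every local process and user on that machine.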
