ClawHub

Amazon Listing Audit Pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real APIClaw Amazon analytics skill, but it needs Review because its code and reference docs are broader than the advertised listing-audit purpose and include under-disclosed credential lookup paths.

Install only if you trust APIClaw and are comfortable sending ASINs, keywords, categories, competitor targets, and related business research to api.apiclaw.io. Prefer setting APICLAW_API_KEY explicitly, review or remove local APIClaw config files before use, and avoid invoking the broader market-entry, opportunity, monitoring, pricing, and review-deepdive commands unless you intentionally want those capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares no permissions while its documented behavior requires env access, file reads, and network/API access. That mismatch weakens user and platform consent boundaries, making it easier for a skill to access secrets or external resources without transparent declaration and review.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as a bounded listing-audit tool, but the behavior described by analysis includes broader research, monitoring, endpoint testing, and alternate API-key loading from local config. This expansion of scope increases attack surface and can enable undeclared data access or unintended use of local secrets, especially because users may invoke it under the assumption of a narrow audit-only function.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The reference file is for a different skill ('Market Entry Analyzer') than the manifested Amazon listing audit skill, which creates a capability/specification mismatch. This can cause the agent to call unrelated endpoints, request unnecessary data, or produce outputs outside the user's expected scope, increasing the risk of unintended external data transmission and unsafe behavior.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented behavior focuses on market-entry and competitive landscape analysis rather than listing health checks, materially expanding the operational scope beyond what users would expect from the skill metadata. In practice, this can drive broad competitor scraping, category intelligence gathering, and extra API usage that is unrelated to the requested listing audit, creating data-minimization, consent, and trust issues.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file exposes broad market research, pricing, competitor intelligence, review mining, and opportunity scanning workflows that materially exceed the manifest's stated 'listing audit' purpose. This scope expansion increases the volume and sensitivity of user and third-party marketplace data sent externally, and creates a capability mismatch that can mislead operators about what the skill actually does.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The daily-radar workflow enables recurring market surveillance over tracked ASINs, competitors, pricing, history, and reviews, which is beyond a normal one-off listing audit. In this skill context, unattended monitoring increases privacy and data-governance risk because users may not expect persistent competitor tracking or repeated third-party transmission of their monitored product set.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The market-entry and opportunity-discovery composites perform category resolution, product discovery, competitor analysis, and trend mining that are broader than listing-audit functionality. In a skill advertised as a listing health check, this mismatch is dangerous because it expands external data processing and operational reach without transparent justification to the user.

Vague Triggers

Medium
Confidence
75% confidence
Finding
Broad trigger phrases like 'improve my listing' can cause the skill to activate on vague requests without clear user intent or scope limits. In a skill with network access and broad underlying functionality, this increases the chance of overbroad invocation, unintended data processing, or use of more powerful workflows than the user expected.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code automatically sources an API key from environment or local config and uses it in outbound Authorization headers to a third-party API without any user-facing disclosure at runtime. In an agent-skill setting, silent credential use is risky because operators may not realize the skill is consuming stored secrets and transmitting listing-related data off-platform.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API client sends user-provided keywords, ASINs, categories, and derived metadata to APIClaw, and many composite workflows amplify this into numerous external requests. Without a clear runtime warning or consent boundary, users may unknowingly disclose product interests, monitored competitors, and business research targets to a third-party service.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal