Amazon Market Entry Analyzer
v1.0.1One-click market viability assessment for Amazon sellers. Analyzes market size, competition intensity, brand landscape, pricing structure, and consumer pain...
⭐ 0· 112·0 current·0 all-time
by@apiclaw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, README, reference, and the included script all consistently describe market analysis via the APIClaw service. The only required credential is APICLAW_API_KEY which is exactly what the skill needs to call api.apiclaw.io endpoints.
Instruction Scope
Runtime instructions direct the agent to run the included CLI script and use APIClaw's 11 endpoints. The SKILL.md specifies which inputs are required, expected fallbacks, output format, language rules, and a required disclaimer. There are no instructions to read unrelated system files, other environment variables, or to transmit data to endpoints outside api.apiclaw.io. Note: the script injects _query metadata into API responses (expected for provenance) and the workflow makes many API calls (~20), so the APICLAW_API_KEY will be transmitted to api.apiclaw.io during normal operation.
Install Mechanism
No install spec; the skill is instruction-only with a provided script. No external downloads, package installs, or archive extraction are requested by the skill metadata. This minimizes installation risk.
Credentials
Only APICLAW_API_KEY is required and declared as the primary credential. The included script also supports reading a local config.json (in the skill directory) as an alternative key source — this is reasonable but users should avoid placing sensitive keys in shared repositories. No unrelated secrets or multiple service credentials are requested.
Persistence & Privilege
always is false; the skill does not request persistent/always-on privilege and does not modify other skills or global agent config. It only reads the API key from the environment or a local config file and performs API calls to api.apiclaw.io as described.
Assessment
This skill appears coherent and does what it claims: it queries api.apiclaw.io using your APICLAW_API_KEY and the included CLI script. Before installing, consider: (1) Trustworthiness of the API provider — the skill will send your API key and query parameters to api.apiclaw.io, so verify the service is legitimate and you trust its data/privacy practices. (2) Do not commit your APICLAW_API_KEY into public repos — the script will also accept a local config.json in the skill directory, which could be accidentally checked in. (3) The workflow makes many API calls (~20) and may consume API credits; check quotas and billing on your APIClaw account. (4) Review the included script if you want to confirm there is no additional network behavior or logging you disagree with — the code is readable and uses urllib to POST to the documented base URL. (5) If you need the agent to not call external services autonomously, adjust invocation policies; although the skill is user-invocable only by default, the agent can still invoke it when asked. If you want, I can highlight specific lines in the script that show how the API key is used and where a config.json would be read.Like a lobster shell, security has layers — review code before you run it.
latestvk9707agmydef2d4ps1n1mxshy984rd9b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvAPICLAW_API_KEY
Primary envAPICLAW_API_KEY