Back to skill
Skillv1.0.0
ClawScan security
Amazon Fee Calculator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 8:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: a local Python FBA fee calculator with no external dependencies, no network access, and no credential or install requirements.
- Guidance
- This skill appears to be a straightforward, local Python calculator. It does not request credentials or network access and prints results to stdout. Before installing/using: (1) inspect the included scripts (already provided) to confirm they match your expectations — the code here is visible and benign; (2) run it locally in a controlled environment (Python 3) if you want to verify outputs; (3) verify the fee schedule values against official Amazon documentation if you need regulatory/financial accuracy; and (4) be cautious installing packages from unknown authors in other cases — here the absence of downloads, env vars, and network calls reduces risk.
Review Dimensions
- Purpose & Capability
- okName/description match the included assets: SKILL.md documents running scripts/calculator.py and the script implements referral, fulfillment, and storage fee calculations for FBA. No unrelated credentials, binaries, or services are requested.
- Instruction Scope
- okRuntime instructions merely run the bundled Python script from the scripts directory with CLI options. The SKILL.md does not instruct the agent to read unrelated files, contact external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec is provided (instruction-only plus a local script). Nothing is downloaded or written to disk beyond the included files, so there is no high-risk install step.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The script uses only standard-library modules and command-line arguments; no secrets are requested or accessed.
- Persistence & Privilege
- okThe skill does not request always:true or modify other skills or system configuration. It runs only when invoked by the user (user-invocable) and does not autonomously reach out to external services.