trendyol-admin

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with real credentials, the agent could make business-impacting production changes to a Trendyol seller account.

Why it was flagged

These are high-impact marketplace actions that can change public listings, prices, orders, returns, and customer communications.

Skill content

Includes product lifecycle (create, update, delete, archive), stock/price management, order processing (status updates, shipping), returns, and customer questions.

Recommendation

Require explicit user confirmation for destructive, financial, customer-facing, or bulk operations; prefer staging/test credentials first; and limit the skill to the specific task requested.

What this means

Supplying full API credentials may give the agent wide authority over the seller account, not just read-only reference access.

Why it was flagged

The skill requires seller API credentials that can authorize broad Trendyol account operations, but the artifacts do not define a least-privilege scope or safe credential-handling boundary.

Skill content

Authentication: Always use Basic Auth.
- Username: `API_KEY`
- Password: `API_SECRET`

Recommendation

Use the least-privileged credentials available, avoid sharing secrets in chat when possible, rotate keys after testing, and confirm which operations the agent may perform.

Note (Medium Confidence)

ASI08: Cascading Failures

What this means

Mistakes in bulk requests could propagate across a large product catalog or order set.

Why it was flagged

The reference supports large batch marketplace operations; a bad payload could affect many products or records at once.

Skill content

Batch operations: max 1000 items per request

Recommendation

Test with small batches, review generated payloads before execution, and keep rollback records for prices, inventory, and product status changes.

What this means

Users have less context for who maintains this API reference and whether it exactly matches the official Trendyol documentation.

Why it was flagged

The skill is instruction-only, but its registry provenance is limited, which matters because it is documenting high-impact API operations.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify important endpoints and payloads against Trendyol’s official developer documentation before production use.