Skill v1.0.0
ClawScan security
Competitor Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 13, 2026, 8:41 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (Amazon competitor monitoring) but contains incomplete code, undeclared external dependencies and API access (SellerSprite / unified_data_layer), and a sys.path manipulation that together make its behavior unclear and potentially unsafe until those gaps are resolved.
- Guidance: Do not install or run this skill in a production environment yet. Specific actions to take before trusting it:
  1. Ask the publisher for the missing dependency files (unified_data_layer_v2.py and sellersprite_mcp.py) or for details about the data layer implementation and endpoints; verify those files' source and review them for where network requests are sent and how credentials are used and stored.
  2. Confirm which API keys are required (SellerSprite etc.), why they are needed, and how the skill expects to receive them (env vars, config files); do not provide sensitive credentials until you have verified the destination and the storage practices.
  3. Note that the included script is truncated and contains a syntax/runtime error ('actions.appen' and a truncated file); this indicates the package is incomplete and may crash or behave unpredictably.
  4. If you proceed to test, run it in an isolated environment with no real secrets and monitor outbound network traffic to confirm the endpoints.
  5. Prefer a version that documents required credentials explicitly and includes or references the exact data-layer implementation (or replace it with a reviewed implementation).
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and code claim the skill uses a data layer and the SellerSprite API to fetch competitor intelligence, which is coherent with the stated purpose. However, the skill neither declares any required credentials or environment variables for SellerSprite or the data layer, nor includes the referenced dependency files (unified_data_layer_v2.py, sellersprite_mcp.py). That mismatch (the skill expects external API access but neither requests nor ships the API keys/config) is incoherent and prevents a clear security assessment.
- Instruction Scope (note): The SKILL.md instructions and the visible code stay within the stated domain (parse targets, fetch intelligence, analyse keywords/VOC, recommend actions). They do not instruct reading arbitrary host files or unrelated environment variables. However, the Python implementation calls into an external data layer (data_layer.api.call) that will perform network calls and could transmit competitor queries and aggregated data to whatever endpoints that data layer is configured to use; those endpoints and credentials are not provided, so the exact data flows are unknown.
- Install Mechanism (note): There is no install spec (instruction-only), which is low-risk in isolation. But the package includes a code file that imports local modules expected to live in a scripts path outside the package; those modules are not included, so runtime behavior depends on out-of-bundle code. No remote downloads are specified in the skill itself.
- Credentials (concern): The SKILL.md lists 'SellerSprite API access' and the code requires an AmazonDataLayerV2 client, which almost certainly requires API keys/credentials. Yet requires.env is empty and no primary credential is declared. The skill therefore requires external credentials but does not declare them; this is a proportionality and transparency problem and prevents verification of where secrets would be used and stored.
- Persistence & Privilege (note): The skill does not request 'always: true' and does not appear to modify other skills or system-wide configuration. It does modify sys.path at runtime to import a module from a relative '../../..' scripts directory; this is not persistence, but it does broaden the code's import surface to include files outside the package, which can be a source of unexpected behavior.
