Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Amazon
v1.0.0Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns.
⭐ 0· 432·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description claim browser automation for Amazon purchases/returns, which matches the SKILL.md instructions to use agent-browser + Chrome CDP. However the skill metadata declares no required env vars or credentials while the runtime instructions require environment variables (AMAZON_SHIPPING_ADDRESS, AMAZON_PAYMENT_METHOD, AMAZON_RETURN_DROPOFF) and assume access to a logged-in Amazon session, creating an incoherence between declared requirements and what the skill actually needs.
Instruction Scope
The instructions direct the agent to control a local Chrome instance (remote-debugging), open order history, place orders and process returns, take screenshots, and 'execute the whole return silently'. It also tells the agent to retrieve the Amazon password from a password manager if logged out and to 'place order without confirmation' for reorders. These steps involve accessing sensitive data (account session, passwords, payment info) and performing financial actions with minimal user confirmation — scope exceeds a simple helper and could lead to unwanted purchases or credential exposure.
Install Mechanism
This is an instruction-only skill with no install spec or code to download, which is the lowest install risk. The runtime relies on external tools (agent-browser, Chrome) already present on the host.
Credentials
Metadata lists no required environment variables or primary credential, but the SKILL.md tells users to set several AMAZON_* env vars and to use a persisted browser profile at $HOME/.config/chrome-agent and potentially retrieve passwords from a password manager. Requesting or using account credentials, stored browser profiles, and payment/shipping data is sensitive and should have been declared explicitly; the current mismatch is disproportionate and opaque.
Persistence & Privilege
The skill instructs creating/using a persistent browser profile in $HOME/.config/chrome-agent and connecting to Chrome's remote debugging port, which grants broad access to the user's browser session and cookies. Although the skill is not marked always:true, its instructions enable persistent access to account sessions and stored credentials, and it advises performing actions silently and without confirmation for some flows — a risky combination.
What to consider before installing
This skill automates real purchases and returns and asks you to use a persistent Chrome profile and (implicitly) account credentials, but its metadata does not declare those requirements. Before installing or running it: 1) Do not give it access to your primary account with saved payment methods; test with a disposable Amazon account and payment method. 2) Require explicit confirmations for any purchase — the skill's 'place order without confirmation' instruction is dangerous. 3) Prefer running the automation in an isolated VM/container or a dedicated browser profile (not your main Chrome profile) to avoid exposing other cookies and sessions. 4) Ask the publisher (or examine code) to declare required env vars/credentials and to remove instructions that retrieve passwords from a password manager or act silently. 5) If you must proceed, audit agent-browser usage and monitor email/payment notifications closely. If you cannot verify these changes, avoid installing or enable strict manual confirmation before any financial action.Like a lobster shell, security has layers — review code before you run it.
latestvk97bpp1t7gwmvfb8zg65ben4px81vytx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.