Amazon Shopper
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill automates real Amazon purchases and returns and, as written, can use stored login credentials and complete some transactions before asking you.
Review carefully before installing. If you use it, require a final approval step for every purchase and return, log in manually instead of exposing your password manager, and run it in a dedicated Chrome profile that you do not share with other agent sessions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could buy the wrong item, quantity, price, or shipping option before you have a chance to review it.
This directs the agent to complete reorders without a final user approval step, even though that can charge the user and ship goods.
**Place order without confirmation** — no screenshot needed
Require explicit final confirmation immediately before every order, including item, price, quantity, shipping address, delivery date, and payment method.
A return could be submitted with the wrong reason, item condition, refund type, or drop-off location, potentially affecting refunds or account standing.
The return flow tells the agent to complete the return before notifying the user, while also supplying default return-condition answers.
**Do NOT narrate each step** — just execute the whole return silently
Require the user to confirm the return reason, item condition answers, refund method, drop-off location, and deadline before the return is submitted.
The agent may gain broad access to your Amazon account and password-manager entry, beyond a single shopping action.
This asks the agent to access password-manager credentials for a shopping account that includes payment methods, addresses, order history, and returns.
Logged into Amazon — if logged out, retrieve password from your password manager
Log in manually instead of letting the skill retrieve passwords, and use the minimum account/session access needed for the specific task.
Another session using the same browser could view or interfere with Amazon pages, order history, checkout, or returns.
The skill acknowledges shared Chrome state while using a logged-in Amazon session, but does not define isolation or access boundaries between sessions.
Always open a new tab — other sessions share the same Chrome.
Use a dedicated browser profile and debugging port for this skill, close unrelated sessions, and avoid sharing the same Chrome instance across tasks.
You must trust and correctly configure an external browser-control tool that can operate a logged-in shopping session.
The skill depends on an external browser-automation CLI and CDP access, but the provided artifacts do not include a pinned source, install spec, or version for that dependency.
Requires agent-browser CLI with Chrome DevTools Protocol (CDP). Chrome must be running with --remote-debugging-port.
Install agent-browser only from a trusted source, verify its version, and understand that CDP browser control can access pages in the configured Chrome profile.