Amazon Analyse
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for Amazon product analysis, but it relies on a third-party Sorftime API key/service and creates persistent Markdown reports.
Before installing, make sure you are comfortable using Sorftime as the data provider, protect the API key in .mcp.json, and expect the skill to create Markdown reports under reports/ for each analysis.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill will contact Sorftime and create report files in the project, and repeated calls may consume API quota or credits.
The skill instructs the agent to use raw curl POST requests and a Write tool to save reports. This is central to the analysis purpose, but it gives the agent network and local file-write actions.
所有数据需通过 curl POST 请求获取 ... 将报告保存为 Markdown 文件 ... Write $FILENAME
Use it only for intended ASINs, review the target marketplace and output path, and limit repeated or concurrent API calls if usage is billed.
Anyone with access to the configured key may be able to use the Sorftime account or consume its quota.
The skill expects a Sorftime API key to be placed in configuration. This is expected for the integration, but it is still account authority and should be protected.
"url": "https://mcp.sorftime.com?key=YOUR_API_KEY"
Use a dedicated API key with limited scope if possible, avoid committing .mcp.json, and rotate the key if it is exposed.
Sorftime can see requested ASINs, marketplaces, keywords, and the API key used for the service.
The skill sends analysis requests through an external MCP-style provider. This is disclosed and purpose-aligned, but it creates a third-party data boundary.
本分析使用 Sorftime MCP 服务获取亚马逊数据。Sorftime MCP 是一个流式 HTTP 服务,使用 Server-Sent Events (SSE) 协议返回数据。
Confirm you trust Sorftime for these queries and avoid including confidential internal business information in API arguments unless necessary.