ClawHub

Amazon Product Research & Seller Analytics

v1.2.2

Amazon product research and seller analytics for FBA and FBM businesses. Find winning products with 14 selection strategies, track competitors, monitor BSR t...

0· 102·0 current·0 all-time
by@christine-srp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implemented behavior: the SKILL.md, README, reference docs, and scripts/apiclaw.py all implement Amazon product research workflows against https://api.apiclaw.io. The single required credential (APICLAW_API_KEY) is appropriate for that purpose.
Instruction Scope
Runtime instructions require executing scripts/apiclaw.py for all API calls (expected). The SKILL.md forbids writing keys to disk yet documents a config.json fallback and the README even suggests agents may save keys to config.json — this is a minor inconsistency in guidance (preference is env var, but the code supports a disk fallback). The instructions do not ask the agent to read unrelated system files or call external endpoints beyond the declared APIClaw endpoints.
Install Mechanism
No install spec or external downloads; this is an instruction-only skill with one local Python script. No third-party package downloads or obscure URLs are used. This minimizes install-time risk.
Credentials
Only APICLAW_API_KEY is required and serves as the primary credential — proportionate to the described API usage. Minor caveat: the script falls back to reading config.json in the skill directory for an API key, so a key could end up on disk if the agent or user chooses that route (SKILL.md advises against writing keys to disk but README and code permit it).
Persistence & Privilege
Skill does not request always:true and does not require system-wide privileges. It only reads config.json from its own skill directory as a fallback. Autonomous invocation is enabled (default) which is expected for skills; nothing else indicates elevated persistence or cross-skill config modification.
Assessment
This skill appears to do what it says: it runs a local CLI script that calls api.apiclaw.io and needs a single APICLAW_API_KEY. Before installing: (1) Prefer setting APICLAW_API_KEY as an environment variable (SKILL.md recommends this); be cautious about saving keys to a config.json file in the skill folder — the code will read that file if present. (2) Confirm you trust the APIClaw provider (https://apiclaw.io) and are comfortable the service will receive product/ASIN queries. (3) Note the minor mismatch in documentation: SKILL.md says not to write keys to disk but the README and script support a config.json fallback — if you want to avoid any disk-stored secret, do not create config.json and keep the key only in environment variables. (4) The agent will execute network calls when invoked (normal for this skill); if you want to prevent autonomous network use, restrict model/skill invocation or only call it manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk97138dhg5z9000a5yk9d35ke58390v3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAPICLAW_API_KEY
Primary envAPICLAW_API_KEY

Comments