Back to skill
Skillv1.0.0
ClawScan security
Amazon Product Scraper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 4:30 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that consistently describes and uses the platform's built-in browser to scrape Amazon product pages; it requires no installs, credentials, or unrelated access.
- Guidance
- This skill is internally consistent, but consider these practical points before installing: (1) Scraping Amazon may violate Amazon's terms of service and could trigger rate-limiting or blocking — use responsibly and respect robots/ToS. (2) The skill will store full scraped content (including reviews and product text) under memory/竞品分析报告-{ASIN}.md — treat those files as potentially copyrighted and possibly sensitive. (3) The skill targets amazon.com URLs; if you need other marketplaces or locales, confirm/support for those. (4) Do not provide any credentials (none are required). (5) Monitor for repeated automated requests if you allow autonomous invocation, to avoid unintended scraping volume or account/IP blocking.
Review Dimensions
- Purpose & Capability
- okThe name/description (Amazon product scraping and report generation) matches the runtime instructions: open an Amazon product URL, snapshot the page, extract listing fields, generate and save a report. No unrelated binaries, services, or credentials are requested.
- Instruction Scope
- okSKILL.md stays on task: it instructs the agent to use the platform browser tool, wait/scroll for content, extract specific fields (title, price, BSR, specs, 'About this item', etc.), and save a Markdown report. It does not instruct reading other system files, accessing unrelated env vars, or posting data to external endpoints beyond the specified Amazon URL. Minor note: it targets amazon.com links even though surrounding text is Chinese — locale support is not addressed but not a security issue.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing is written to disk or fetched at install time. This is the lowest-risk install profile.
- Credentials
- okNo environment variables, credentials, or config paths are required. The requested access is proportional to the stated scraping task.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It instructs saving reports to memory/竞品分析报告-{ASIN}.md — expected for a reporting skill. This is a normal, limited persistence behavior; it does not request system-wide or other-skills configuration changes.