Ebay Price Check
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is narrowly scoped to eBay price lookup and shows no evidence of credential access, persistence, or hidden data collection beyond sending search terms to eBay.
This appears safe to install from a security perspective if you are comfortable sending item search terms to eBay. Expect possible setup or reliability issues unless Python and curl are available, and treat the output as approximate because it appears to parse eBay web pages rather than use an official API.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installation or invocation may fail or behave inconsistently if Python/curl are not already available.
Python is declared like an unpinned package dependency rather than a required system binary, while the skill has no install spec. This is imprecise packaging/dependency metadata, not evidence of malicious behavior.
"dependencies": { "python3": ">=3.8" }Declare required binaries explicitly, avoid ambiguous package dependencies for system tools, and fix the wrapper path before relying on the skill.
Search terms are sent over the network to eBay, and the local curl binary is invoked when the tool runs.
The skill executes a local curl process to fetch eBay search pages. This command execution is purpose-aligned, uses an argument list rather than shell interpolation, and is limited to the constructed eBay URL.
subprocess.run(["curl", "-s", "-L", url], capture_output=True, text=True, timeout=30)
Use only with search terms you are comfortable sending to eBay; maintainers should declare curl as a required binary or use a standard HTTP library.
Users may overestimate result reliability or assume the skill uses an official API when it appears to scrape public search pages.
The documentation claims API use, but the included Python constructs an ebay.com search-page URL and parses HTML. This is a disclosure/accuracy issue rather than hidden malicious behavior.
Searches eBay using their public search API
Treat the returned price statistics as estimates and update the documentation to accurately describe the data source.