KDP Publisher
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent following these instructions could fill KDP fields or upload the wrong files in your Amazon account, potentially creating or submitting incorrect public book listings.
This directs an agent to use raw browser automation against KDP forms and uploads. Because KDP upload/submission can affect a real Amazon publishing account, the visible artifacts should define explicit user confirmation boundaries before upload, pricing, submission, or publication.
Browser automation rules (critical): ... Use JavaScript `evaluate` with element IDs ... File uploads require CDP `DOM.setFileInputFiles` + change event
Require manual review and explicit confirmation before any KDP upload, pricing change, AI-disclosure selection, or submit-for-review action; prefer guided/manual operation over direct JS/CDP automation for final account changes.
Following the guidance without review could start ongoing Amazon Ads spend.
The advertising guide is relevant to KDP publishing, but it strongly encourages paid campaigns, indefinite running, and launch actions that can incur real costs.
Why Ads Are Non-Negotiable ... End date: No end date (run indefinitely until you pause) ... Daily budget: $5.00/day ... Click Launch Campaign.
Treat ad setup as financial advice, verify budgets yourself, and require explicit approval before launching, increasing, or leaving campaigns running.
Running the generator can use your Google AI account quota or billing and gives the script access to that provider credential.
The generator reads a Google AI API key from an argument, environment variable, or local credential file, while the registry metadata declares no required credentials.
key = api_key_arg or os.environ.get("GOOGLE_AI_API_KEY") ... creds_path = Path.home() / ".clawdbot" / "credentials" / "google_ai.json" ... return json.load(f).get("api_key", "")Use a scoped Google AI key, monitor provider billing/quota, and ensure the skill metadata or setup notes clearly disclose the credential requirement.
Your book ideas, prompts, and generated content may be processed by Google AI services.
The skill sends or generates book concepts, prompts, story content, and image prompts through an external AI provider. This is purpose-aligned but should be understood as a third-party data flow.
Generates KDP-ready print books using Google Gemini (text) and Imagen (illustrations).
Do not use private, confidential, or licensed material in prompts unless you are comfortable sending it to the provider under its terms.
Installing unpinned packages can pull newer or changed dependency versions from package repositories.
The helper scripts rely on runtime Python packages and suggest unpinned pip installs. This is expected for a Python-based publishing helper, but it leaves dependency versions and provenance to the user.
missing.append("reportlab") ... missing.append("Pillow") ... missing.append("google-genai") ... print(f" Run: pip install {' '.join(missing)}")Install dependencies in a virtual environment, pin versions where possible, and review packages before running the scripts.