APIClaw Amazon Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its Amazon research purpose, but it needs Review because it persists API keys in plaintext by instruction and includes under-scoped nationality-based seller profiling.

Install only if you are comfortable sending Amazon seller research queries to APIClaw. Prefer setting APICLAW_API_KEY as an environment variable instead of pasting it into chat or letting the agent save config.json. Avoid or heavily constrain the Chinese seller case-study workflow; use neutral business metrics rather than inferred nationality.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill instructs the agent to persist user-supplied API keys to a local `config.json`, creating unnecessary secret-at-rest exposure for a product-analysis workflow. Even if intended as a convenience feature, storing credentials on disk increases the chance of later leakage through other tools, logs, backups, directory reads, or cross-session reuse beyond the user's expectation.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly tells users they can provide the API key to the agent so it is saved to a local config.json automatically, but it does not warn that this persists a credential to disk or discuss file permissions, accidental commits, or multi-user environments. In an agent-skill context, encouraging secret storage through conversational input is risky because users may not realize the key is being retained and could later be exposed through logs, workspace sharing, backups, or source control.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases for invoking the composite recommendation workflow are broad enough to match many ordinary shopping or advice requests, which can cause the skill to activate unexpectedly. In this skill context, unintended invocation may lead to unnecessary data collection, irrelevant API usage, and overly confident product-selection guidance when the user did not explicitly request Amazon seller analysis.

Vague Triggers

Medium
Confidence: 85%
Finding
The Chinese seller case-study triggers are ambiguous and can be invoked by loosely related questions about Chinese sellers, creating a risk of over-triggering analysis tied to seller nationality. In this context, that is more sensitive than a generic routing issue because it can steer the system into nationality-based profiling or unsupported inferences from weak seller-location signals.

Vague Triggers

Medium
Confidence: 90%
Finding
The load condition is broad enough that the skill may be invoked for many loosely related Amazon-selling queries, increasing the chance it activates when the user did not intend to use this capability. Over-broad routing can expose external-tool usage, cause irrelevant API calls, and let a weaker-matched skill influence responses outside its narrow domain.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases include very common language such as 'What are the risks' and 'can I do this,' which are ambiguous and likely to match unrelated conversations. This can lead to unintended skill activation in contexts far outside Amazon product evaluation, increasing the chance of irrelevant guidance or unnecessary external API access.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrase "what are they saying" is highly ambiguous and can match ordinary conversational requests that are not specifically about Amazon competitor listings. In a tool-enabled agent, this can cause unintended skill activation, leading to unnecessary external API calls, irrelevant data retrieval, and possible disclosure of user intent or context to the third-party service.

Vague Triggers

Medium
Confidence: 96%
Finding
Triggers like "write title" and "help me write product page" are broad enough to overlap with many benign writing tasks unrelated to Amazon listings. This increases the chance of accidental routing into this skill, which may prompt collection of commercial/product data and unnecessary calls to APIClaw, creating privacy, cost, and workflow-integrity risks.

Vague Triggers

Medium
Confidence: 94%
Finding
Phrases such as "what's wrong with my listing" and "improve my listing" are contextually ambiguous because "listing" could refer to real estate, jobs, marketplace posts, or non-Amazon content. In this skill's API-backed environment, ambiguous activation can misroute user requests and trigger unintended competitor/product lookups, exposing data to a third-party API and degrading agent reliability.

Ssd 3

Medium
Confidence: 82%
Finding
The workflow explicitly instructs the agent to proactively collect user profile attributes and then display them in the final output, which creates a risk of unnecessary retention and re-disclosure of user-provided information. Although the fields are not highly sensitive on their own, budget, experience, and preferences are still personal business-context data and should be minimized to what is strictly needed.

VirusTotal

60/60 vendors flagged this skill as clean.
