APIClaw Amazon Analysis
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for Amazon product research, but users should note that it uses an API key, can save that key locally, and sends queries to APIClaw.
This looks like a normal API-backed Amazon research skill. Before installing, make sure you are comfortable giving it an APIClaw key, prefer setting the key as an environment variable instead of saving it to config.json, and avoid sending unrelated sensitive information in research queries.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the agent can use the provided APIClaw key for product-research API requests, and the key may remain on disk across sessions.
The skill requires an API credential and may store it locally for reuse. This is expected for the API integration and is disclosed, but it gives the agent access to the user's APIClaw account/quota.
Required: `APICLAW_API_KEY` ... Scope: used only for `https://api.apiclaw.io` ... When user provides a Key, write it to `config.json`.
Prefer the environment variable method when possible, avoid pasting keys into unrelated chats, and delete config.json if you no longer want the skill to retain the key.
The agent may run local commands to query APIClaw when answering Amazon research questions.
The skill relies on executing a local Python helper and permits direct API calls if needed. This is disclosed and aligned with the API-backed purpose, but it is still command execution.
`scripts/apiclaw.py` | **Execute** for all API calls ... **Fallback:** If script fails and can't be quickly fixed, use curl directly.
Use the skill for relevant Amazon research tasks only, and review unusual commands before allowing execution.
Amazon product queries and related parameters are shared with APIClaw to obtain results.
The artifacts clearly disclose that requests, query parameters, and the bearer token are sent to the APIClaw service. This provider data flow is expected for the skill.
Base URL: `https://api.apiclaw.io/openapi/v2` ... Auth: `Bearer $APICLAW_API_KEY` ... Method: All POST with JSON body
Do not include unrelated private information in product-research queries, and ensure you trust APIClaw with the data you send.
