Skillv1.0.0

ClawScan security

amazon-sorftime-research-category-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 3:59 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill largely does what its description says (Amazon category analysis) but there are mismatches between the declared metadata and the included code/instructions (implicit API key handling, undeclared runtime dependencies, and automatic reading of a local config) that warrant caution before installing or running it.
Guidance: What to consider before installing or running this skill: - The skill appears to implement Amazon category analysis as described, but the package metadata doesn't declare the API key requirement—the code will try to read an API key from an environment variable (SORFTIME_API_KEY) or automatically from a local .mcp.json file. Inspect .mcp.json first: do not keep unrelated secrets in it. - The bundle includes many Python scripts that expect a Python runtime and third-party libraries (requests, Excel-related libs). The registry didn't declare these dependencies—run in an isolated environment (container/VM) or create a dedicated virtualenv before running. - Network activity: the scripts call https://mcp.sorftime.com (expected). Confirm you are comfortable sending your API key and requests to that endpoint and that the API key has only the minimal permissions needed. - Automatic credential loading is convenient but risky. Prefer setting an explicit environment variable for the Sorftime API key instead of leaving multiple credentials in .mcp.json. If you must use .mcp.json, open it to verify its contents before use. - The code uses aggressive regex parsing of large SSE/text responses; test with non-sensitive sample data first and check output files (data.json, report.md, execution.log) for expected content. - If you need higher assurance, ask the publisher to: (1) update metadata to declare the required API key and runtime dependencies, (2) remove automatic credential discovery or make it opt-in, and (3) provide a minimal install spec or dependency list.

Review Dimensions

Purpose & Capability: noteThe scripts and SKILL.md implement Amazon category analysis using Sorftime MCP APIs (category_report, product_detail, etc.), which aligns with the skill's stated purpose. However the registry metadata lists no primary credential or required env vars even though the code and documentation expect an API key (via SORFTIME_API_KEY or automatic read from .mcp.json). That metadata omission is inconsistent and should be corrected or explained.
Instruction Scope: concernRuntime instructions and included Python scripts instruct the agent/user to call mcp.sorftime.com and to run bundled scripts that (a) automatically read a .mcp.json file for an API key, (b) parse and write large response files, logs and reports, and (c) perform regex-based parsing of SSE responses. The automatic .mcp.json read is scope-creep: it can surface keys or endpoints not explicitly declared. The scripts also create files (reports, execution.log) under the skill path.
Install Mechanism: noteThere is no install spec (instruction-only), which reduces supply-chain risk. But the bundle includes many Python scripts that assume a Python runtime and third-party packages (e.g., requests, openpyxl inferred by Excel-report code). Those runtime expectations are not declared in the metadata (no 'required binaries' or dependencies), which is a transparency gap.
Credentials: concernThe metadata declares no required env vars/primary credential, yet code and SKILL.md use/auto-load an API key (SORFTIME_API_KEY or extracted from .mcp.json). Automatically reading a local config file for credentials without an explicit declared requirement increases the risk of accidental exposure of other secrets stored in that file. No unrelated third-party credentials are requested, but the implicit credential access is disproportionate to what the metadata states.
Persistence & Privilege: okThe skill is not 'always: true' and does not request elevated privileges. It writes output and logs to its own directories, which is expected for a reporting tool. It does not modify other skills or system-wide agent settings.