ClawHub
Back to skill
v1.0.0

amazon-sorftime-research-keywords-skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:10 AM.

Analysis

The skill’s Amazon keyword-research purpose is coherent, but its generated HTML dashboard appears to insert user/API-derived text without escaping, which could let malicious content run in the browser when the report is opened.

GuidanceInstall only if you are comfortable giving it access to your Sorftime MCP API key and generating local reports. Before opening or sharing the HTML dashboard, prefer a version that escapes product and keyword text safely, and review all negative-keyword and advertising recommendations manually before applying them to an Amazon Ads account.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityMediumConfidenceHighStatusConcern
scripts/generate_html_dashboard.py
product_name = product_info.get('product_name', '') ... product_name = infer_product_name(core_keywords) ... html_content = html_content.replace('{{PRODUCT_NAME}}', product_name)

Product names can come from user-provided product_info or inferred keyword data, then are inserted directly into the HTML template. The visible code does not HTML-escape these placeholder replacements, so malicious text could become active HTML/JavaScript in the generated dashboard.

User impactIf a malicious or malformed product name/keyword reaches the dashboard, opening the generated HTML report could run unwanted browser script locally.
RecommendationEscape all text inserted into HTML, validate ASIN/site formats, and use an auto-escaping template engine or context-aware escaping for HTML attributes, text, and JavaScript contexts.
Agent Goal Hijack
SeverityLowConfidenceMediumStatusNote
SKILL.md
【待分类关键词】
{keywords_json}

【输出格式】
请以 JSON 格式输出

The workflow places externally collected keyword data into an LLM classification prompt. This is central to the skill, but keyword text should be treated strictly as data because unexpected strings could influence classification or report recommendations.

User impactBad or adversarial keyword data could skew the generated negative-word, brand-word, or campaign-strategy recommendations.
RecommendationClearly delimit keyword data, instruct the model to treat it as inert data, validate the JSON category output, and have a human review negative and brand keyword lists before using them in ads.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
README.md
**API Key**: 自动从 `.mcp.json` 读取

The skill expects to read a local Sorftime MCP API key, while the registry metadata declares no primary credential or required config path. This appears purpose-aligned but should be visible to installers.

User impactThe skill may access a local MCP credential file to call Sorftime APIs for keyword data.
RecommendationDeclare the Sorftime credential/config requirement in metadata, read only the needed key, and avoid printing or storing API keys in generated logs or reports.