Amazon Ads Entity
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: linkfox-amazon-ads-entity Version: 0.0.1 The skill bundle is a legitimate tool for querying Amazon Ads Sponsored Products (SP) and Sponsored Brands (SB) entities. It implements a structured approach to handle Amazon's API versioning (v3 and v4) and provides helper scripts for common tasks like listing campaigns, ad groups, and keywords. The code uses a central gateway (tool-gateway.linkfox.com) to proxy requests, which is a standard architectural pattern for such tools to manage authentication and API limits. It includes a thorough local dependency check (check_auth_dependency.py) and clear instructions in SKILL.md for the AI agent to handle multi-account scenarios safely. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad query may retrieve thousands of advertising records from the selected account profile.
The skill can automatically page through a large number of Amazon Ads entities. This is disclosed and read-only, but users should understand the breadth of data retrieval.
fetchAll=true(默认)跟随分页 token 到结束或 maxPages=50 兜底(约 5000 条,超出标 truncated=true)
Use campaign, ad group, state, ASIN, or SKU filters when possible, and check the `truncated` flag in results.
Whoever runs the skill with this key can read Amazon Ads entity metadata for authorized profiles.
The skill requires a LinkFox API key to access Amazon Ads token/profile functions. This is purpose-aligned, but it is sensitive credential use and the registry requirements list no required env vars or primary credential.
鉴权:环境变量 `LINKFOXAGENT_API_KEY`
Set `LINKFOXAGENT_API_KEY` only in a trusted environment, verify the authorized Amazon Ads profiles, and prefer registry metadata that explicitly declares this credential requirement.
Your API key, Amazon Ads token, profile ID, and query body may be sent to the configured gateway endpoint.
Requests, profile IDs, and Amazon Ads access tokens are sent through a LinkFox gateway, and an environment variable can override the gateway base URL. This is coherent with the integration, but it is a sensitive data boundary.
API_BASE_URL = os.environ.get("AMAZON_ADS_BASE_URL") or "https://tool-gateway.linkfox.com" ... "amzAccessToken": access_tokenUse the default gateway only if you trust LinkFox with this integration, and do not set `AMAZON_ADS_BASE_URL` to an untrusted endpoint.
Using the skill may require adding another skill that handles Amazon Ads authorization.
The skill depends on a separate auth skill and suggests installing it when missing. This dependency is disclosed and purpose-aligned, but installing an auth-related skill should be user-approved and trusted.
invoke it to install 'linkfox-amazon-ads-auth' immediately
Install `linkfox-amazon-ads-auth` only from a trusted source and after confirming that you want this Amazon Ads authorization dependency.