Amazon Ads Report
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: linkfox-amazon-ads-report Version: 0.0.1 The skill bundle is a legitimate tool for retrieving Amazon Ads reports (Sponsored Products and Sponsored Brands) via a third-party gateway (tool-gateway.linkfox.com). The core logic in `get_report.py` manages the asynchronous report lifecycle, including creation, polling, and downloading. It features a local dependency checker (`check_auth_dependency.py`) and a temporary local HTTP server (bound to 127.0.0.1) to facilitate file access for the user. The instructions in `SKILL.md` provide clear, safety-conscious guidance for the AI agent, such as enforcing account clarification and preventing direct user input of sensitive IDs. No indicators of malicious intent, data exfiltration, or unauthorized execution were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using this skill can let the agent access Amazon Ads report data for authorized advertising accounts.
The skill relies on a separate Amazon Ads auth skill and uses authorized account/profile information to access reports.
本技能依赖 linkfox-amazon-ads-auth ... 先调 `linkfox-amazon-ads-auth` 的 `authorized_stores.py` 拉出用户已授权的账号 × 站点清单。
Only use it with accounts you intend the agent to report on, and review the linked auth skill and granted Amazon Ads permissions.
Report data may be accessible through a local link for about five minutes; this is bounded to localhost by default but still contains business-sensitive data.
Downloaded report files are exposed through a temporary localhost HTTP server by default.
`serveExtractedFileHttp` | true ... `serveHost` | `127.0.0.1` ... `serveSeconds` | 300
Keep the server bound to 127.0.0.1, avoid sharing the temporary link, and disable `serveExtractedFileHttp` when a local file path is sufficient.
The report skill’s security depends on the separate auth skill that manages Amazon Ads authorization.
The report skill depends on another skill for authentication, so the safety of credential handling is partly outside this artifact set.
**依赖 `linkfox-amazon-ads-auth`**(脚本启动自动检查;未安装时 exit 42,stderr 打 `DEPENDENCY_MISSING`)。
Review and install the auth dependency from a trusted source before using this report skill.