Amazon Search

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to perform the advertised Amazon search lookup through LinkFox, but users should know it sends search parameters and a LinkFox API key to external LinkFox endpoints.

This skill looks coherent for Amazon SERP research. Install it only if you are comfortable sending Amazon search terms, optional delivery ZIP data, and a LinkFox API key to LinkFox. Use a dedicated API key and avoid including sensitive business or personal details in searches or feedback.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users need to provide a LinkFox API key, and that key authorizes requests to the LinkFox tool gateway.

Why it was flagged

The skill uses a provider API key from an environment variable and sends it as an Authorization header. This is expected for the LinkFox integration, but the registry metadata lists no required env vars or primary credential.

Skill content
Authentication: Header `Authorization: <api_key>`; api_key is read from the environment variable `LINKFOXAGENT_API_KEY`
Recommendation

Use a dedicated, least-privilege LinkFox key if available, avoid sharing it, and rotate it if exposed. The skill publisher should declare LINKFOXAGENT_API_KEY in metadata.

What this means

Product research keywords, marketplace choices, and optional location-simulation data may be visible to the LinkFox service.

Why it was flagged

Amazon search keywords and optional delivery ZIP/postal-code simulation data are sent to an external LinkFox endpoint. This is aligned with the skill purpose, but it is still an external data flow.

Skill content
Request URL: `https://tool-gateway.linkfox.com/amazon/search` ... `keyword` ... `deliveryZip`
Recommendation

Avoid sending confidential strategy terms or personal location details unless you are comfortable sharing them with LinkFox.

What this means

If used, feedback submissions could send parts of the user's request or intent to LinkFox outside the core Amazon search API.

Why it was flagged

The reference file documents a separate public feedback endpoint that could transmit user interaction details. The provided script does not call it automatically, but the data boundary should be clear to users.

Skill content
POST `https://skill-api.linkfox.com/api/v1/public/feedback` ... `content`: Include what the user said or intended
Recommendation

Only submit feedback with user awareness and avoid including sensitive user content.