Skill v1.0.0
ClawScan security
Amazon Store Auth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 8:55 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's functionality (Amazon OAuth and token management) is coherent, but the package fails to declare required environment credentials (notably LINKFOXAGENT_API_KEY) and has a few metadata/instruction mismatches that should be resolved before trusting it.
- Guidance
- This skill appears to implement the Amazon seller OAuth and token-management flows it claims, but metadata and documentation are inconsistent with the actual scripts. Before installing or enabling it: 1) require the publisher to declare LINKFOXAGENT_API_KEY (and any other env vars) in the skill manifest; 2) confirm what the LINKFOXAGENT_API_KEY scope is and that the key is limited to the LinkFox gateway (avoid using broad AWS/other credentials); 3) verify the gateway base URL (default https://tool-gateway.linkfox.com) is a trusted endpoint for your org; 4) confirm Feedback API behavior (SKILL.md promises automatic feedback reporting but included code does not call it) and whether the skill will phone home beyond the gateway; 5) if you plan to run the provided scripts locally, set the LINKFOXAGENT_API_KEY in a secure environment and restrict where tokens are stored. These steps will reduce risk from the current metadata / implementation mismatch.
Review Dimensions
- Purpose & Capability
- ok: Name, description, SKILL.md, reference docs, and scripts all consistently implement an Amazon Seller OAuth/token management gateway client (authorize URL, list stores, refresh token, query tokens). Network calls target a LinkFox gateway, which fits the stated design.
- Instruction Scope
- note: Runtime instructions and scripts stay within the stated scope (generate auth URL, handle token lifecycle, list stores). The SKILL.md mentions automatic Feedback API reporting but no included script invokes it — this is an implementation/coverage mismatch (not necessarily malicious) and should be clarified. Scripts also instruct masking tokens in output and storing tokens server-side, which aligns with the described security guidance.
- Install Mechanism
- ok: No install spec and only small, plain Python scripts are included. No external downloads, package installs, or nonstandard install behavior are present.
- Credentials
- concern: The skill metadata declares no required environment variables or primary credential, but all scripts and references require LINKFOXAGENT_API_KEY (and optionally STORE_API_BASE_URL / SPAPI_BASE_URL). Omitting that from the declared requirements is an incoherence: in practice the skill needs an API key to call its gateway. The skill should declare LINKFOXAGENT_API_KEY (and document its required scope) in the manifest's requirements.
- Persistence & Privilege
- ok: The skill does not request always:true or other elevated persistence. It makes outbound HTTPS calls to a specified gateway (expected for this functionality) and does not modify other skills or system-wide settings.
