Skill v1.0.0
ClawScan security
Amazon Store Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 8:55 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its described purpose (pulling Amazon reports) but has several inconsistencies and surprises — notably undeclared required env vars, filesystem probing behavior, and metadata/version mismatches — that you should understand before installing.
- Guidance: Before installing or running this skill, consider the following:
  1. The bundled scripts require an environment variable LINKFOXAGENT_API_KEY to call a LinkFox backend; the registry metadata does not list this requirement. Confirm what the API key is and that you trust https://tool-gateway.linkfox.com.
  2. The skill will scan many local directories (OpenClaw/Hermes/Claude/Cursor typical paths) to detect the dependency skill; if you care about directory privacy, review the check_auth_dependency.py behavior.
  3. The get_report script starts a temporary HTTP server to serve extracted files. By default it binds to 127.0.0.1, but serveHost/servePort are configurable; avoid binding to 0.0.0.0 or public interfaces.
  4. Metadata mismatches (ownerId/version) are present. Ask the publisher to correct registry metadata and explicitly declare required env vars (LINKFOXAGENT_API_KEY).
  5. The skill will try to auto-install its dependency if missing (via the agent's installer); if you do not want that, ensure the agent does not auto-install skills or disable automatic installer invocation.
  If you decide to proceed, verify the API host and API key out-of-band and run the scripts in a sandboxed environment first.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (Amazon store report retrieval) aligns with the code and instructions: it requests reports via a LinkFox developer-proxy and downloads/extracts them. However, the package metadata shown to the registry lists no required environment variables or primary credential, while the included scripts require LINKFOXAGENT_API_KEY and accept STORE_API_BASE_URL/SPAPI_BASE_URL. Also the registry Owner ID (kn7dmc1...) differs from the _meta.json ownerId (linkfoxagent) and the script versioning differs (registry says 1.0.0 while _meta.json contains 1.0.3). These metadata mismatches are incoherent and worth clarifying.
- Instruction Scope (concern): SKILL.md and scripts instruct the agent to (a) probe many local skill directories to detect a dependency skill, (b) call LinkFox backend endpoints (/spApi/storeTokens and /spApi/developerProxy) using an API key, (c) download report files and decompress them, and (d) start a short-lived local HTTP server that exposes the extracted file (default bind 127.0.0.1 but serveHost is configurable). Probing many user directories and exposing a local HTTP endpoint are legitimate for the feature but widen scope: the dependency-check scans many home and tool-specific paths (OpenClaw, Hermes, Cursor, Claude), which accesses filesystem metadata; the HTTP server could become reachable beyond localhost if misconfigured. Also SKILL.md instructs the agent to attempt automatic installation of the dependency skill if missing; this behavior can cause the agent to change environment state (install other skills).
- Install Mechanism (ok): This is an instruction+script skill with no external install spec (no downloads during install). That lowers install-time risk. The runtime will make outbound HTTPS calls to the stated backend (tool-gateway.linkfox.com) and will download report files from Amazon presigned URLs, which is expected for this purpose.
- Credentials (concern): The registry metadata declares no required env vars, but the code requires LINKFOXAGENT_API_KEY (mandatory) and respects STORE_API_BASE_URL / SPAPI_BASE_URL plus several optional env vars used for dependency discovery (LINKFOX_SKILLS_DIR, OPENCLAW_* etc.). Requesting an API key for the LinkFox gateway is coherent with using a developer proxy, but the omission from the declared requirements is a material inconsistency. The dependency-check also reads many local path environment variables and scans user directories for SKILL.md files; this is reasonable for dependency detection but more filesystem access than some users expect.
- Persistence & Privilege (ok): The always flag is false and the skill does not request elevated platform privileges. It does, however, instruct the agent to attempt installing the dependency skill when missing; that may result in additional skills being installed by the agent. The skill will create temporary files/directories and start a short-lived local HTTP server for file download (default 127.0.0.1, ephemeral port). It does not attempt to modify other skills' configuration files.
