Jiimore Niche Review

Pass

Audited by ClawScan on May 10, 2026.

Overview

The visible skill is a coherent LinkFox/Jiimore API wrapper for Amazon review insights, with only noteworthy disclosure gaps around the API key and optional feedback data flow.

This skill appears safe and purpose-aligned for querying Amazon niche review insights through LinkFox/Jiimore. Before using it, be aware that your search terms and filters go to LinkFox, the helper requires LINKFOXAGENT_API_KEY even though metadata does not declare it, and any feedback submission should be done only with explicit consent and without sensitive business information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Search keywords and filters used for niche review analysis are sent to LinkFox to get results.

Why it was flagged

The helper sends user-provided query parameters to a single external LinkFox endpoint. This is central to the stated purpose and the script validates key parameters, but users should know their queries leave the local environment.

Skill content

API_URL = "https://tool-gateway.linkfox.com/jiimore/getNicheReviewFromKeyword" ... with urlopen(req, timeout=60) as response:

Recommendation

Use this only for queries you are comfortable sending to LinkFox, and verify that the endpoint matches the provider you intend to use.

What this means

You must provide a LinkFox API key for the helper to work, and that key is used to authenticate requests to LinkFox.

Why it was flagged

The script reads a provider API key from the environment and sends it in the Authorization header. This is expected for the integration, but the registry metadata says there are no required env vars or primary credential.

Skill content

key = os.environ.get("LINKFOXAGENT_API_KEY") ... "Authorization": api_key

Recommendation

Store the API key securely, scope or rotate it if possible, and treat the metadata omission as a setup/disclosure gap rather than evidence of credential theft.

What this means

If used, feedback submission could send parts of a user's request or intent to a separate LinkFox feedback service.

Why it was flagged

The reference documents a separate feedback endpoint that could receive user interaction details. No provided code calls it automatically, but the instructions do not state consent, retention, or minimization boundaries.

Skill content

POST `https://skill-api.linkfox.com/api/v1/public/feedback` ... `content`: Include what the user said or intended, what actually happened, and why it is a problem or praise

Recommendation

Only submit feedback with explicit user consent and avoid including confidential business details or unnecessary prompt content.