Keepa Product Detail

Advisory

Audited by VirusTotal on Apr 1, 2026.

Overview

Type: OpenClaw Skill
Name: linkfox-keepa-product-detail
Version: 1.0.0

The skill is designed to retrieve Amazon product data (pricing, sales, dimensions) via the Keepa API through a LinkFox gateway. The Python script (keepa_product_detail.py) implements standard API calling logic using environment variables for authentication and contains no evidence of malicious execution, data exfiltration, or obfuscation. The instructions in SKILL.md and the API documentation in references/api.md are consistent with the stated functionality and do not contain harmful prompt injections.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users must provide a LinkFox API key, and their ASIN queries will be made under that key.

Why it was flagged

The skill requires a provider API key for the stated LinkFox product lookup service, while the registry metadata lists no required env vars or primary credential. This is a disclosure gap, but the credential use is purpose-aligned and there is no evidence of logging or unrelated transmission.

Skill content

Authentication: Header `Authorization: <api_key>`; the api_key is read from the environment variable `LINKFOXAGENT_API_KEY`

Recommendation

Declare LINKFOXAGENT_API_KEY in the skill metadata and use a key intended only for this LinkFox/Keepa lookup purpose.

What this means

ASINs and lookup parameters entered for this skill are sent to LinkFox to retrieve product data.

Why it was flagged

The helper sends user-supplied ASIN/domain/history parameters to the LinkFox gateway. This is the core purpose of the skill and the script validates the domain, but users should be aware it is an external API call.

Skill content

API_URL = "https://tool-gateway.linkfox.com/keepa/productRequest" ... with urlopen(req, timeout=60) as response:

Recommendation

Use the skill only for ASINs you are comfortable querying through LinkFox, and keep the documented request limits and marketplace IDs.

What this means

If the feedback endpoint is used, parts of the user's request or feedback could be sent to LinkFox.

Why it was flagged

The reference documentation includes a separate feedback endpoint that may transmit user intent or feedback text to LinkFox. The provided code does not call it automatically, but it is an additional data flow outside the product lookup API.

Skill content

- **POST** `https://skill-api.linkfox.com/api/v1/public/feedback` ... `content`: Include what the user said or intended, what actually happened

Recommendation

Only submit feedback with user awareness, and avoid including sensitive or unnecessary conversation details.