Mpstats Ozon Product Search
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Ozon search terms, SKUs, brand names, seller names, dates, and pagination parameters are sent to LinkFox's gateway.
The script sends the user-provided search request to a single external LinkFox gateway endpoint. This is disclosed and central to the skill's purpose, but it is still an external data flow users should notice.
API_URL = "https://tool-gateway.linkfox.com/mpstats/ozon/productSearch" ... with urlopen(req, timeout=60) as response:
Use the skill only for queries you are comfortable sending to LinkFox/MPSTATS, and avoid placing unrelated private information in search parameters.
Queries may run under your LinkFox account and could consume quota or expose account-scoped access if the key is shared or overprivileged.
The skill authenticates requests with a LinkFox API key read from the environment. This is expected for the MPSTATS gateway, but the registry metadata lists no required env vars or primary credential.
key = os.environ.get("LINKFOXAGENT_API_KEY") ... "Authorization": api_keyUse a dedicated LinkFox API key with the least needed access, store it securely, and revoke or rotate it if it is no longer needed. The skill metadata should declare LINKFOXAGENT_API_KEY.