Skill v1.2.4

ClawScan security

Buy from Amazon — Search, Cart & Order for AI Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 20, 2026, 10:25 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent for acting as a shopping proxy that routes requests and PII to buystuff.ai and returns payment links. It does not request unrelated credentials or install code, but it does forward shipping and email data to a third party and relies on external payment handling, so you should verify the vendor before using it for real purchases.
Guidance
This skill behaves like a shopping proxy that will transmit your shipping address and email to a third party (buystuff.ai) and send you a payment link to complete purchases. Before using it:
1) Verify buystuff.ai (website, contact/support, reviews, privacy and refund policy).
2) Test with a low-cost item to confirm the workflow and fulfillment.
3) Do not provide any saved payment credentials through this skill; you will pay via a link on the vendor's site. Verify the URL in the email (https, and the exact host you expect, not a lookalike) before entering payment data.
4) Ensure the agent asks for and receives explicit, unambiguous user approval before requesting a payment link. SKILL.md requires this, but nothing enforces it programmatically, so the approval gate has to live in your agent harness.
5) Accept that you are trusting buystuff.ai to place the Amazon order and handle refunds. If you need stronger guarantees (use of your own Amazon account, direct payment methods, or avoiding third-party handling of PII), choose a different workflow.
Findings
[no-findings] expected: The regex scanner found nothing to analyze because this is an instruction-only skill (only SKILL.md). That is expected; the absence of findings says nothing about the third-party service or its privacy and fulfillment claims.

Review Dimensions

Purpose & Capability
[ok] Name and description match the behavior: the skill proxies Amazon searches, builds carts, and requests order/payment links via buystuff.ai. No unrelated env vars, binaries, or installs are required.
Instruction Scope
[note] SKILL.md instructs the agent to send shipping address, email, and optional agentId to https://buystuff.ai and to persist and resend a session ID header. That is expected for a shopping proxy, but it means PII (shipping address and email) leaves for a third party; callers should obtain explicit consent and verify the destination host before each send.
Install Mechanism
[ok] Instruction-only skill with no install spec or code files: the lowest-risk footprint on the local system. Nothing is downloaded or executed locally by the skill itself.
Credentials
[ok] No credentials or secret environment variables are requested. The declared data flows (shipping address, email, optional agent ID) match the stated purpose. Note: PII is still sent to an external service and payment is handled off-site, so this is a privacy/trust decision rather than a technical mismatch.
Persistence & Privilege
[ok] The always flag is false and the skill does not request system-wide or other-skill config changes. The skill requires session-state persistence (an X-Session-ID header) for carts, which is reasonable for this use case.
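The guidance above (verify the destination, send only the declared fields, gate payment-link requests on explicit user approval, and check the payment URL before entering card data) is what a harness around an instruction-only skill has to enforce, because SKILL.md cannot. The following is an added example of such a policy gate; it is not ClawHub code and not the skill's code. The host buystuff.ai and the X-Session-ID header come from the review; the request field names (query, items, cart_id), the action names, the URL paths and the cart-id approval mechanism are assumptions made for illustration.

```python
"""Policy gate for an agent calling a third-party shopping proxy.

Added illustration, not ClawHub or skill code. Endpoint paths, payload
field names and the approval mechanism are assumed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

PROXY_HOST = "buystuff.ai"          # destination named in SKILL.md
SESSION_HEADER = "X-Session-ID"     # session header named in the review
# Fields the skill is declared to send. shipping_address, email and agentId
# come from the review; query, items and cart_id are assumed request fields.
DECLARED_FIELDS = {"shipping_address", "email", "agentId", "query", "items", "cart_id"}
PAYMENT_ACTIONS = {"order"}         # assumed: actions that end in a payment link


class PolicyViolation(Exception):
    """A request would leave the declared scope of the skill."""


@dataclass
class Session:
    session_id: Optional[str] = None              # last X-Session-ID from the proxy
    approved_carts: set = field(default_factory=set)   # cart ids a human approved


def host_is_exactly(url: str, expected: str) -> bool:
    """True only for https URLs whose host is exactly `expected`.

    Rejects http, userinfo tricks (https://buystuff.ai@evil.example),
    suffix lookalikes (buystuff.ai.evil.example) and prefix variants.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")
    return host == expected.lower()


def record_user_approval(session: Session, cart_id: str) -> None:
    """Called only from the human-in-the-loop step, never by the model."""
    session.approved_carts.add(cart_id)


def check_outbound(url: str, action: str, payload: dict, session: Session) -> Dict[str, str]:
    """Validate one outbound proxy call and return the headers to send with it."""
    if not host_is_exactly(url, PROXY_HOST):
        raise PolicyViolation(f"destination {url!r} is not https://{PROXY_HOST}")
    undeclared = set(payload) - DECLARED_FIELDS
    if undeclared:   # e.g. a card number or phone the skill never declared
        raise PolicyViolation(f"undeclared fields would be sent: {sorted(undeclared)}")
    if action in PAYMENT_ACTIONS:
        cart_id = payload.get("cart_id")
        if cart_id not in session.approved_carts:
            raise PolicyViolation("payment link requested without explicit user approval")
        session.approved_carts.discard(cart_id)   # one approval covers one order
    headers = {"Content-Type": "application/json"}
    if session.session_id:
        headers[SESSION_HEADER] = session.session_id
    return headers


def is_blocked(url: str, action: str, payload: dict, session: Session) -> bool:
    """Convenience wrapper: True if the gate refuses the request."""
    try:
        check_outbound(url, action, payload, session)
    except PolicyViolation:
        return True
    return False


def update_session(session: Session, response_headers: Dict[str, str]) -> None:
    """Persist the proxy's session id so later cart calls reuse it."""
    for name, value in response_headers.items():
        if name.lower() == SESSION_HEADER.lower():
            session.session_id = value


def payment_link_is_trusted(link: str, allowed_hosts: Iterable[str]) -> bool:
    """Check a payment URL from the vendor's email against an allowlist you set."""
    return any(host_is_exactly(link, h) for h in allowed_hosts)


if __name__ == "__main__":
    s = Session()
    print(check_outbound("https://buystuff.ai/search", "search", {"query": "usb-c cable"}, s))
    update_session(s, {"X-Session-ID": "sess-123"})
    print(is_blocked("https://buystuff.ai/order", "order", {"cart_id": "cart-1"}, s))   # True
    record_user_approval(s, "cart-1")
    print(check_outbound("https://buystuff.ai/order", "order", {"cart_id": "cart-1"}, s))
```

The approval set is written only by the human-facing step, so a prompt-injected instruction inside a product listing cannot mint its own approval; the host check is an exact match rather than a substring or suffix test so that lookalike domains fail closed.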