Amazon FBA Finder
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill appears non-destructive, but its advertised Amazon/Alibaba real-time product research features are not actually implemented and it asks users to configure API keys anyway.
Review carefully before installing or paying for this skill. The provided code looks mostly like a non-destructive placeholder, not a working Amazon/Alibaba research engine. Do not put real API keys in TOOLS.md; use scoped credentials only after the author demonstrates working integrations and clear credential handling.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could over-trust advertised product, sales, competition, or ROI claims even though the core data-gathering functionality is not implemented.
The source shows product discovery is a placeholder that returns an empty list, while the skill is marketed as a paid real-time high-profit product discovery engine.
# Simulated product search (a real implementation needs to integrate with the Amazon API) ... return opportunities
Treat the product-research claims as unverified until the author provides working API integration, realistic sample outputs, and clear disclosure of current limitations.
If a user places real API keys in an agent-readable file, those keys may be visible in contexts or logs beyond what they intended.
The skill asks for provider API keys, but the registry metadata declares no required environment variables or primary credential, and TOOLS.md may expose secrets to agent context.
Configure API keys in `TOOLS.md` or environment variables: AMAZON_API_KEY=your_amazon_api_key ALIBABA_API_KEY=your_alibaba_api_key
Use a proper secret manager or environment variables instead of TOOLS.md, and only provide narrowly scoped keys after confirming the skill actually needs and uses them.
A future dependency version could behave differently from what was reviewed, although this is common for Python projects and no malicious install behavior is shown.
The README instructs installing dependencies, but the requirements use lower-bound ranges rather than exact pinned versions or hashes.
requests>=2.31.0 beautifulsoup4>=4.12.0 pandas>=2.0.0 numpy>=1.24.0 python-dotenv>=1.0.0 aiohttp>=3.9.0
Install in an isolated environment and prefer a lockfile or pinned dependency versions for reproducible use.
