Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Strider Amazon

Shop on Amazon via Strider Labs MCP connector. Search products, add to cart, place orders, track shipments, and manage returns.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Amazon shopping via an MCP connector) align with the instructions: the SKILL.md directs the agent to use an @striderlabs/mcp-amazon npm connector via npx to provide search, cart, order, tracking and returns functionality. Requiring the npx binary is coherent.
Instruction Scope
Instructions are narrowly scoped to installing/configuring an MCP connector and initiating OAuth with Amazon. They do not request unrelated environment variables or instruct reading arbitrary local files. However, the doc asserts that tokens are "stored encrypted per-user" without describing storage location or access controls (agent storage vs external service), which is an important operational detail missing from the instructions.
Install Mechanism
There is no registry install spec in the package metadata; the SKILL.md tells operators to run npx (which will fetch and execute code from npm at runtime). Executing an npm package via npx is a supply-chain risk: npm packages may run arbitrary code when installed/executed. The package name is a scoped npm package (@striderlabs/mcp-amazon) which is expected for this purpose, but the package source and release vetting are not documented here.
Credentials
The skill requests no static environment variables or secrets in the metadata, which is consistent with the described OAuth flow (dynamic per-user authorization). There are no unrelated credential requests. The only missing piece is explicit detail on how OAuth tokens are stored and protected.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The SKILL.md asks the operator to add an MCP client configuration entry that will cause the MCP runtime to launch npx when invoked; this may modify the user's MCP client config but that is a manual configuration change rather than hidden behavior. Autonomous invocation is allowed by default — combine that with the npx execution risk before granting broad access.
What to consider before installing
This skill appears to do what it claims, but it depends on running an npm package via npx at runtime and leaves token storage details unspecified. Before installing or enabling it:

  1. Inspect the @striderlabs/mcp-amazon npm page and source repository (verify publisher, recent activity, and repository code).
  2. Prefer installing from a reviewed release or running the connector in a sandbox.
  3. Confirm where OAuth tokens will be stored and who can access them (local agent storage vs external Strider service).
  4. Avoid blindly allowing autonomous agent runs that could invoke the connector without your approval.
  5. If you cannot validate the package/source, treat this as high-risk and do not run npx to execute unverified code.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

Runtime requirements

Bins: npx

SKILL.md

Strider Amazon Connector

MCP connector for shopping on Amazon. Part of the Strider Labs action execution layer for AI agents.

Installation

npm install @striderlabs/mcp-amazon

MCP Configuration

Add to your MCP client configuration (Claude Desktop, Cursor, etc.):

{
  "mcpServers": {
    "amazon": {
      "command": "npx",
      "args": ["-y", "@striderlabs/mcp-amazon"]
    }
  }
}
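
The scan above notes that this entry makes the MCP runtime fetch and execute whatever npm currently serves for the package. The following is an added example, not code from the skill or from Strider Labs: a small Node.js audit that lists npx-launched MCP servers with no exact version pin. The function names and the `@example/mcp-demo` package are hypothetical.

```javascript
// Added example, not part of the SKILL.md: flag MCP servers that launch
// through npx without an exact version pin.

// Exact semver only; ranges (^1.0.0), dist-tags ("latest") and "" do not match.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split "name", "name@ver", "@scope/name" or "@scope/name@ver".
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // index 0 is the scope marker
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Package specs npx will fetch: every -p/--package value, else the first positional.
function npxPackages(args) {
  const viaFlag = [];
  let positional = null;
  for (let i = 0; i < args.length; i++) {
    const a = args[i];
    if (a === "-p" || a === "--package") { if (i + 1 < args.length) viaFlag.push(args[++i]); }
    else if (a.startsWith("--package=")) viaFlag.push(a.slice("--package=".length));
    else if (!a.startsWith("-") && positional === null) positional = a;
  }
  return viaFlag.length ? viaFlag : positional ? [positional] : [];
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers || {})) {
    if (!/(^|[\\\/])npx(\.cmd|\.exe)?$/i.test(entry.command || "")) continue;
    const args = entry.args || [];
    const autoInstall = args.includes("-y") || args.includes("--yes");
    for (const spec of npxPackages(args)) {
      const { name, version } = parseSpec(spec);
      if (version !== null && EXACT_VERSION.test(version)) continue; // pinned
      findings.push({ server, package: name, version, autoInstall });
    }
  }
  return findings;
}

// Constructed input: the entry from this page plus a hypothetical pinned one.
const sampleConfig = {
  mcpServers: {
    amazon: { command: "npx", args: ["-y", "@striderlabs/mcp-amazon"] },
    pinned: { command: "npx", args: ["-y", "@example/mcp-demo@1.2.3"] }, // hypothetical package
  },
};
console.log(auditMcpConfig(sampleConfig));
```

A version pin only fixes which release is fetched; it does not replace reviewing that release's source.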

Available Tools

amazon.search_products

Search for products on Amazon.

Input Schema:

{
  "query": "string",
  "category": "string (optional)",
  "prime_only": "boolean (optional)",
  "max_price": "number (optional)",
  "min_rating": "number (optional)"
}

Output:

{
  "products": [
    {
      "asin": "string",
      "title": "string",
      "price": "number",
      "rating": "number",
      "review_count": "number",
      "prime": "boolean",
      "delivery_estimate": "string"
    }
  ]
}

amazon.add_to_cart

Add a product to shopping cart.

amazon.place_order

Complete checkout and place an order.

amazon.track_order

Get shipping status for an order.

amazon.get_order_history

Retrieve past orders.

amazon.initiate_return

Start a return process for an item.

Authentication

First use triggers the OAuth authorization flow:

  1. User is redirected to Amazon to authorize
  2. Tokens are stored encrypted per-user
  3. Automatic refresh handles token expiration

Usage Examples

Search for products:

Find wireless earbuds under $100 with at least 4 stars on Amazon

Add to cart and order:

Add the AirPods Pro to my Amazon cart and place the order

Track a shipment:

Where's my Amazon order from last week?

Start a return:

I need to return the headphones I bought on Amazon

Error Handling

Code               Meaning            Action
AUTH_EXPIRED       Session expired    Re-authenticate
AUTH_MFA_REQUIRED  2FA challenge      Notify user
OUT_OF_STOCK       Item unavailable   Suggest alternatives
RATE_LIMITED       Too many requests  Retry after delay
PAYMENT_FAILED     Card declined      Update payment method

Use Cases

  • Household essentials: Reorder consumables automatically
  • Gift buying: Search, compare, and order gifts
  • Price monitoring: Check prices on wishlist items
  • Order management: Track shipments and manage returns
