ClawHub
Back to skill
v1.0.0

Amazon Backend Report

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:10 AM.

Analysis

The skill’s report-analysis purpose is clear, but it requests broad Bash access that is not justified by the visible paste-and-analyze workflow.

GuidanceReview this skill carefully before installing because it requests Bash despite being an instruction-only report analyzer. If you use it, paste only the report fields needed for analysis, avoid credentials or unnecessary personal data, and be deliberate about using save or digest features.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
allowed-tools: Bash

The skill grants the agent a broad local shell tool, while the visible instructions describe analyzing user-pasted Seller Central report data and do not show a need for shell execution.

User impactIf installed with this permission, the agent may have more local command capability than is necessary for report analysis.
RecommendationPrefer a version that does not request Bash, or restrict tool access unless a specific, reviewed shell-based workflow is required.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
report save <period>              # save analysis to workspace

The skill includes a user-facing command to save analyses, which may retain summaries derived from sensitive Amazon Seller Central financial, advertising, inventory, or sales reports.

User impactSaved analyses could preserve business-sensitive information for later reuse, including in digest-style reporting.
RecommendationOnly save analyses when needed, avoid pasting unnecessary confidential fields, and review workspace retention or deletion options.