Amazon Global Expansion
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is mostly an Amazon marketplace planning guide, but it unnecessarily requests Bash shell access without a clear scoped reason.
Before installing, consider whether this skill really needs Bash. For normal marketplace planning advice, it should work as an instruction-only skill without local shell access.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed with Bash enabled, the agent may be permitted to run local shell commands even though the skill’s business-planning task does not require that level of access.
The artifact describes an advisory market-expansion skill, but grants Bash shell capability. No provided install spec, code, or instructions justify local command execution for this purpose.
description: "Amazon global marketplace expansion agent..." allowed-tools: Bash
Remove Bash from the allowed tools, or restrict use to explicit, user-approved commands with a clear explanation of why they are needed.