Amazon Listing Writer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a normal Amazon listing copywriting skill, but it unnecessarily grants broad Bash command access that the stated task does not need.
The content-generation instructions themselves appear benign, but review or remove the Bash tool permission before installing, because a listing writer should not need broad local command execution.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or abused by the agent, unnecessary Bash access could affect local files or the user environment even though the listing-writing task should not need it.
The stated purpose is copy generation, but the skill grants Bash, which can run arbitrary local shell commands. The artifact does not explain why shell access is needed or set limits on its use.
description: "Write high-converting, SEO-optimized Amazon listings..." allowed-tools: Bash
Remove Bash from allowed tools or restrict it to a clearly documented, user-approved, purpose-specific workflow.