Amazon Price History
v1.0.0Amazon product price history tracker and drop alert agent. Track price trends over time, identify the best time to buy or sell, analyze competitor pricing pa...
⭐ 0· 89·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the runtime instructions: all features (trend, volatility, alerts, reports) are implemented as guidance for the agent to operate on pasted ASIN/price snapshots and produce local analyses. There are no unrelated requirements (no cloud credentials, no extra service APIs).
Instruction Scope
SKILL.md restricts input to user-provided ASINs, prices, competitor/buy-box info, and cost structure. It instructs the agent to create and write files under ~/price-tracker/ (history, alerts, patterns, reports). This is consistent with the stated purpose, but you should expect the agent to write files to your home directory and to process any sensitive cost data you paste.
Install Mechanism
No install spec and no code files — instruction-only skill. That minimizes supply-chain risk (nothing downloaded or executed beyond allowed-tools).
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is proportionate to its stated functionality.
Persistence & Privilege
The skill does create a local workspace (~/price-tracker) but does not request always:true or other elevated/always-present privileges. It relies on allowed-tools: Bash to perform file writes, which is expected for an instruction-only skill that saves data locally.
Assessment
This skill appears coherent and self-contained, but before installing: (1) be aware it will create and write files under ~/price-tracker — review and remove those files if undesired; (2) do not paste secrets or credentials (API keys, supplier passwords) into the skill — only paste price and cost data you intend to store locally; (3) confirm the agent's runtime sandboxing for Bash commands in your environment (Bash access could be used to run arbitrary shell commands if the agent is compromised); (4) if you want networked price scraping or automated alerts, ask for explicit instructions or an integration that requires credentials — this skill does not perform external scraping or require API keys as written; (5) optionally inspect the referenced GitHub homepage before use to verify provenance and review any example outputs or community feedback.Like a lobster shell, security has layers — review code before you run it.
latestvk970bkbbc3yv5dm4ywbqw7q0an83fn4a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.