Amazon Pricing Strategy
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The pricing guidance is mostly coherent, but the skill grants broad Bash command access without explaining why a pricing-advice skill needs local shell execution.
Use caution before installing because the pricing content itself appears relevant, but the skill requests Bash access that is not explained by its stated purpose. Prefer a version that does not allow shell commands, or only use it if you are comfortable monitoring and approving any local command execution.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent may have unnecessary ability to run local commands while handling a pricing task, increasing risk from mistakes or unintended tool use.
The skill grants access to Bash even though the artifact is instruction-only and the pricing-advice purpose does not clearly require local shell execution.
allowed-tools: Bash
Remove Bash access unless it is truly required, or clearly restrict it to specific user-approved commands and explain why those commands are needed.