Amazon Product Photography
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a text-only Amazon photography planning guide, but it grants Bash shell access that does not appear necessary for its purpose.
Review this skill before installing because its Bash permission is broader than needed for photography planning. If you use it, avoid allowing shell execution unless the skill is updated to remove or tightly constrain Bash access, and verify any marketing claims before using them in Amazon images.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses this skill, it may be allowed to run local shell commands even though the task should only require generating advice and documents.
The skill is described as a planning and briefing assistant, but it grants access to Bash, a broad local command tool, with no visible instructions limiting or justifying shell use.
description: "Amazon product photography planning and briefing agent..." allowed-tools: Bash
Remove Bash from the allowed tools, or add explicit, narrow, user-approved shell-use limits if shell access is genuinely needed.
Unverified customer counts, ratings, certifications, awards, or press logos could create misleading or noncompliant Amazon listing content.
The skill suggests trust-building marketing elements. This is purpose-aligned for product photography, but such claims should be verified before being used in public listing images.
Options: - "X,000+ customers" with star rating graphic - Certification logos (CE, FDA, BPA-free) - Award badges - Press mentions / media logos
Use only substantiated claims and add a requirement that certifications, ratings, awards, and media references be verified before inclusion.