Amazon Return Optimizer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The Amazon return-analysis guidance is coherent, but the skill requests broad Bash shell access without explaining why, so it should be reviewed before use.
Install only if you are comfortable with the skill having Bash capability, or disable/remove that tool permission. Provide only the Amazon return and listing data needed for analysis, and manually verify any reimbursement, removal-order, or listing-change recommendations before acting on them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent could have local shell access that is broader than needed for the advertised return-rate advisory task.
This grants the agent broad shell-command capability, but the skill content is an instruction-only Amazon return analysis guide and does not define scoped Bash commands, file boundaries, or approval requirements.
allowed-tools: Bash
Remove Bash access unless a specific, documented command workflow is required; if kept, restrict it to clearly described, user-approved, non-destructive commands.