Amazon Review Management

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mostly a review-advice prompt, but it unnecessarily grants Bash access and includes “compliant” review-request wording that conflicts with its own cautions.

Review this skill carefully before installing. It appears to provide useful review-response and strategy guidance, but Bash access is broader than needed for that purpose. If you use it, avoid providing sensitive seller or customer information unless you know where it will be stored, and revise any review-request copy to be neutral and compliant with Amazon’s current policies.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed, the agent may have access to a powerful local command tool that is not clearly needed for drafting responses or review strategies.

Why it was flagged

The skill is presented as an instruction-only Amazon review management assistant, but it grants access to Bash without showing any review-management workflow that needs local shell execution.

Skill content

allowed-tools: Bash

Recommendation

Remove Bash from the allowed tools unless a specific, bounded, user-approved shell workflow is documented.

What this means

A seller could rely on the template believing it is safe, but it may create Amazon policy or account-risk exposure if used as written.

Why it was flagged

The skill labels the template as compliant while the wording appears to condition the review request on a positive experience and steer dissatisfied customers to contact privately first, which conflicts with the skill's own prohibited-practices guidance.

Skill content

### Compliant Insert Card Copy ... "If you love it, we'd be grateful if you shared your experience" ... "If anything's not right, please email us first"; earlier: "NOT OK: Asking specifically for positive reviews" and "NOT OK: Manipulative inserts"

Recommendation

Use strictly neutral review-request language that invites all feedback equally and does not separate satisfied and dissatisfied customers into different actions.

What this means

Review history, product details, and seller strategy notes could persist beyond a single chat if the agent implements this command with memory or files.

Why it was flagged

The skill suggests saving product review profile/history, but the artifact does not define storage location, retention, deletion, or whether saved information may be reused in later tasks.

Skill content

review save [product]           # save review profile and history

Recommendation

Only save non-sensitive review data intentionally, and document where saved profiles are stored and how users can inspect or delete them.