ClawHub
Back to skill
v1.0.0

Amazon Keyword Research

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:53 AM.

Analysis

The skill is mostly a prompt for Amazon keyword strategy, but it asks for unrestricted Bash access and references CLI/memory behavior without clear implementation or limits.

GuidanceReview this before installing because Bash access is broader than the advertised keyword-research purpose needs. Prefer a version that removes Bash or clearly documents a vetted `kw` executable, and avoid saving confidential product ideas unless memory storage and deletion are explained.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
allowed-tools: Bash

This grants the skill access to a broad local shell tool, while the artifact is otherwise an instruction-only Amazon keyword strategy prompt and does not scope or justify shell use.

User impactIf installed as-is, the agent may have more local command capability than this keyword-research task appears to need.
RecommendationRemove Bash access unless a specific, reviewed keyword-research CLI is required; if kept, document the exact commands, inputs, and approval boundaries.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceMediumStatusNote
SKILL.md
kw research [keyword]           # full keyword research from seed term

The skill documents a `kw` command interface, but the provided install information says there is no install spec and no required binary, leaving the origin or existence of that command unclear.

User impactThe documented commands may not run, or could depend on whatever `kw` program exists in the user's environment.
RecommendationClarify whether `kw` is only a conversational command syntax or a real executable; if executable, declare its installation source and required binary.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceMediumStatusNote
SKILL.md
kw save [name]                  # save keyword set to memory
kw history                      # show saved keyword sets

The skill implies persistent saved keyword sets and history, which may contain product ideas, competitor ASINs, or marketing strategy, but does not describe retention or deletion controls.

User impactSaved keyword research could reveal business plans or competitive strategy if reused or exposed later.
RecommendationStore only non-sensitive keyword sets unless the skill clearly documents where memory is kept, who can access it, and how it can be deleted.