bee-products-create
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong language, group, images, or product description, it may create an unwanted product in the connected website account.
The skill performs a mutating POST request that creates a product in the connected Bee account. This matches the skill purpose, but incorrect or unintended inputs could still create unwanted catalog content.
await fetch("https://platform.tradew.com/openapis/products/create", { method: "POST", ... body: JSON.stringify(body) })Use it only when you intend to create a product, and confirm the language, product group, product text, images, and tags before invocation.
Anyone or any agent with access to the API key may be able to create products using the permissions granted to that key.
The skill uses a Bee API key as a bearer credential to authenticate product creation requests. This is expected for the integration and there is no evidence of credential logging or unrelated transmission.
"Authorization": `Bearer ${API_KEY}`Store the API key securely, use the least-privileged key available, and rotate it if you suspect it was exposed.
Product text and images supplied to the skill will be transmitted to the Bee/Tradew service for product creation.
The skill can send product descriptions and uploaded image data to the Bee provider API. This data flow is disclosed and aligned with product creation.
`products.upload_images` ... `base64` | Base64 image data ... `products.description` ... Detailed description in HTML
Do not include private, confidential, or unintended image/text content in product fields unless it is appropriate to send to the Bee service.