AFOL BrickLink

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a coherent BrickLink API skill, but it needs sensitive OAuth credentials and can make guarded changes to your marketplace data.

Install this only if you intend to let an agent access your BrickLink account through API credentials. Keep OAuth values in environment variables, use dry-run first, approve writes only after checking the exact target and payload, prefer the official BrickLink API base URL, and verify the documented CLI path before running commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing and using this skill must provide BrickLink API credentials, which can authorize account actions through the CLI.

Why it was flagged

The skill requires OAuth credentials that can access the user's BrickLink account. This is expected for the stated API integration, but it is sensitive authority.

Skill content

Required environment variables:
export BRICKLINK_API_CONSUMER_KEY=...
export BRICKLINK_API_CONSUMER_SECRET=...
export BRICKLINK_API_TOKEN_VALUE=...
export BRICKLINK_API_TOKEN_SECRET=...

Recommendation

Use a BrickLink token with the minimum permissions needed, keep the variables out of logs and chat, and remove or rotate the token if you no longer use the skill.

What this means

If confirmed, the agent can change inventory, order state, feedback, coupons, and private member notes in BrickLink.

Why it was flagged

The skill can modify or delete marketplace data and post account-facing content. The artifacts also describe confirmation, `--yes`, and `--dry-run` safeguards, making this purpose-aligned but important for users to review.

Skill content

Mutating operations require explicit user confirmation in the current conversation before execution: `inventory-create`, `inventory-update`, `inventory-delete`, `order-update`, `order-status`, `feedback-create`, `coupon-create`, `member-notes-update`...

Recommendation

Before approving any write, review the dry-run output, exact target ID/user/order, payload summary, and whether the action is reversible.

What this means

A user-approved price breakdown may take several minutes and make many BrickLink API calls.

Why it was flagged

A referenced pricing workflow can consume significant API quota and time, but it includes an approval-gated flow.

Skill content

The tool makes 200+ API calls and takes several minutes to complete... FIRST CALL: Always call with `approved=false`... SECOND CALL: Only after user confirms, call again with `approved=true`

Recommendation

Only approve this workflow when you are comfortable with the API usage and wait time.

What this means

The documented command may fail or require manually invoking the Python file instead.

Why it was flagged

The supplied manifest lists `scripts/bricklink_cli.py` but not a `scripts/bricklink` wrapper, so the documented command path may not match the included files. This is a usability/provenance note, not evidence of malicious behavior.

Skill content

Primary interface: `scripts/bricklink`.

Recommendation

Verify the actual executable path before using the skill, and do not run any missing or separately obtained wrapper unless you review its source.