Amazon Global Selling
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill appears benign; the only notable item is a user-directed global install command from an external GitHub skill collection that users should verify before running.
This skill looks like a normal advisory prompt for planning international e-commerce expansion. Before installing, verify the external GitHub/Nexscope source referenced by the npx command, especially because the command installs the skill globally.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs this command, they are trusting the referenced external skill collection and installing it globally for the skill manager.
The skill documentation includes a user-directed global installation command from an external GitHub skill collection. This is relevant for provenance and supply-chain review, although the provided package itself has no install spec or executable code.
npx skills add nexscope-ai/eCommerce-Skills --skill amazon-global-selling -g
Only run the install command if the repository and publisher are trusted; inspect the referenced source or prefer a pinned/reviewed version when available.