Amazon Product Compliance
v1.0.0Product compliance and safety — certifications, labeling requirements, restricted substances, documentation
⭐ 0· 94·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and runtime instructions all focus on product compliance and safety for Amazon marketplaces; nothing requested or required (no env vars, no binaries, no config paths) is inconsistent with that purpose.
Instruction Scope
SKILL.md instructs the agent to collect user product info, ask a concise follow-up, research using internal frameworks, and produce structured output. This is within scope, but 'research and analyze' is open-ended and does not specify allowed data sources or boundaries (e.g., which external sites, whether to request user documents, or to access system files). The instructions do not direct the agent to read local files or environment variables.
Install Mechanism
The registry contains no install spec (instruction-only), which is low risk. The README includes an example 'npx skills add nexscope/amazon-product-compliance' command — that's documentation only, but if a user runs it it would pull code from npm; users should treat that as a separate action and verify the package/source before running.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no disproportionate credential requests relative to the declared functionality.
Persistence & Privilege
always is false, user-invocable and autonomous invocation are default. The skill does not request persistent presence or system-level changes and does not modify other skills' configuration.
Assessment
This skill appears coherent with its stated purpose and does not ask for credentials or change system state. Things to consider before installing or running it: (1) SKILL.md is somewhat vague about what 'research' entails — confirm whether the agent will fetch external websites or ask you to upload sensitive documents. (2) The document shows an 'npx' install command — that is not part of the registry install spec; if you run that yourself it will fetch code from npm, so verify the nexscope package, owner, and repository before executing. (3) Avoid sharing sensitive credentials or proprietary files unless you trust the provider; if you need stronger guarantees, ask the publisher for a source repository or package manifest to review. If you want a stricter assessment, provide the npm package, its source repo, or any runtime logs showing external network access.Like a lobster shell, security has layers — review code before you run it.
latestvk9735v58p9m7pzxp4cwypynpjh84g6xw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.