ClawHub

Amazon Wholesale Sourcing

v1.0.0

Wholesale product sourcing — supplier discovery, negotiation, MOQ optimization, margin analysis

0· 90·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and SKILL.md all describe the same set of capabilities (supplier discovery, negotiation, MOQ, margin analysis). The skill does not request unrelated credentials or access; it appears intended as advisory only. Note: SKILL.md claims broad marketplace support but does not provide or require API integrations, so it will produce recommendations based on internal logic and web research rather than direct marketplace access.
Instruction Scope
Runtime instructions are limited to collecting user inputs, asking one follow-up, researching, and delivering structured output. 'Research and analyze' is high-level and does not constrain which external sources or tools the agent should use; this open-ended wording gives the agent broad discretion to fetch web data or ask for additional context, so users should be aware it could request or incorporate external info.
Install Mechanism
The registry provides no install spec (instruction-only), which is low risk. However, the SKILL.md includes an 'Install' command that uses 'npx skills add nexscope/amazon-wholesale-sourcing' — that is an out-of-band instruction that would fetch a package from npm if executed. Because the registry itself does not include an install artifact, users should verify the npm package and publisher before running that command.
Credentials
The skill declares no required environment variables, primary credential, or config paths. That is proportionate for an advisory skill and means it does not directly request sensitive tokens or keys.
Persistence & Privilege
always is false and the skill is user-invocable. There is no indication it requests permanent presence or modifies other skills or system-wide settings.
Assessment
This skill is an advisory, instruction-only tool and does not ask for credentials — that's good. Before installing or using it: (1) don't run the 'npx skills add ...' command until you verify the npm package and publisher (nexscope) and inspect the package contents; (2) avoid pasting sensitive business credentials, supplier contracts, or private cost data into the chat; (3) ask the skill how it sources market data (web scraping, public sources, internal heuristics) and request citations for any supplier or price claims; (4) test with non-sensitive examples first to evaluate output quality; and (5) prefer skills that explicitly declare any API integrations and the exact environment variables they need if you want direct marketplace actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97470cykw75996fk7fks2rxp584gryt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments