Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
eBay Product Research
v1.0.0
Analyze eBay listings to identify profitable products by evaluating prices, sell-through rates, competition, seasonal trends, and sourcing opportunities.
by nexscope-ai @nexscope
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with analyzing eBay listings. The skill declares no credentials or binaries, which is plausible if it relies on public eBay pages; however the README's Install line instructs running 'npx skills add nexscope/ebay-product-research' even though the registry metadata shows no install spec — an inconsistency that deserves clarification.
Instruction Scope
SKILL.md is high-level and lacks concrete data-source or API guidance. It does not request credentials but also doesn't say whether the agent should use the eBay API (which requires keys) or scrape public pages. That vagueness gives the agent wide discretion (potentially to crawl/scrape external sites) without explicit limits or privacy guidance.
Install Mechanism
Registry lists no install spec, but SKILL.md tells users to run an npx command that will fetch and execute code from a third party. Running npx on an unreviewed package can execute arbitrary code; the package origin (nexscope/ebay-product-research) should be verified and a formal install spec added to the registry if installation is required.
Credentials
No environment variables or credentials are requested by the skill, which keeps the footprint small. However, eBay API access or authenticated seller interactions commonly need credentials; the absence may indicate reliance on scraping or a missing declaration of required API keys — the skill should explicitly state which data sources it uses and whether any keys are required.
Persistence & Privilege
No elevated persistence requested (always:false) and there are no install-time config writes declared. The skill is instruction-only and does not request permanent presence or system-wide config changes.
What to consider before installing
This skill conceptually matches eBay research, but before installing or running it you should:
1) Verify the 'nexscope/ebay-product-research' package source and inspect its code (npx runs remote code).
2) Ask the author whether the skill uses the eBay API (and would therefore need API keys) or scrapes public pages — scraping can violate terms and privacy.
3) If you must run the npx install, do so in a sandboxed environment and review what the package will execute.
4) Avoid providing unrelated credentials (AWS, GitHub, etc.) and require the maintainer to add a formal install spec and a clear statement of data sources and required permissions.
If the maintainer cannot clarify these points, treat the skill as higher risk.
Like a lobster shell, security has layers — review code before you run it.
