ClawHub
Back to skill
v1.0.0

AI Amazon Seller Intelligence Machine: Find Winning Products, Spy on Competitors and Dominate Any Niche in 30 Minutes

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:39 AM.

Analysis

The skill is coherent for Amazon seller research, but it asks for broad third-party scraping and persistent buyer email/review automation without clear credential, approval, or data-handling boundaries.

GuidanceReview this carefully before installing. Treat it as a high-impact marketing automation skill: confirm any Amazon, Apify, and GetResponse usage complies with platform rules, use scoped credentials, do not import buyer data without consent, and require manual approval before any customer messages or review requests are activated.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Scrape 10 Amazon data sources simultaneously via Apify ... Build automated buyer follow-up via GetResponse

The skill directs use of broad scraping tools and an email automation platform; these are high-impact external actions and the artifact does not show clear rate, compliance, or human-approval limits.

User impactThe agent could help run broad scrapes or prepare customer email campaigns that may violate platform rules, annoy buyers, or harm the seller account if used without review.
RecommendationRequire explicit user confirmation before running scrapers or creating/sending campaigns, and document platform compliance, rate limits, target scope, and review steps.
Rogue Agents
SeverityMediumConfidenceHighStatusConcern
SKILL.md
an automated buyer follow-up system built inside GetResponse to generate reviews on autopilot

The skill describes creating persistent external automations that can continue operating after the initial invocation, but the visible artifact does not define stop conditions or reversibility.

User impactAutomated buyer messages may continue running after setup, potentially sending unwanted communications or creating review-solicitation risk.
RecommendationKeep automations disabled until the user approves them, provide clear pause/delete instructions, and define limits for duration, audience, and message frequency.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceMediumStatusNote
SKILL.md
Powered by: Apify + GetResponse + Claude AI

The skill depends on external service accounts for scraping and email automation, while the registry metadata lists no primary credential or required environment variables.

User impactA user may need to grant Apify or GetResponse account access even though the permission boundary is not reflected in the declared requirements.
RecommendationUse narrowly scoped service credentials, avoid sharing unnecessary account permissions, and ensure the skill clearly documents what access is needed and why.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
GetResponse | Buyer email automation, review sequences

Buyer follow-up and review sequences imply customer contact data flowing to a third-party email automation provider, but the artifact does not define consent, retention, storage, or sharing boundaries.

User impactCustomer email or buyer data could be imported into or processed by GetResponse without enough clarity about privacy, consent, or compliance obligations.
RecommendationOnly use opted-in buyer data, document what customer data is sent to GetResponse, and require user review of privacy and compliance settings before activation.