Amazon Seller Zh
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches Amazon seller automation, but it points the agent toward broad Amazon seller, ads, inventory, and order APIs without clear credential declarations, scopes, or approval rules for account-changing actions.
Review this skill carefully before connecting it to an Amazon seller account. It may be useful for seller operations, but only grant the minimum Amazon permissions needed, keep it read-only by default, and require explicit approval before pricing, advertising, inventory, or order changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to real Amazon account tools, the agent could be asked to take or recommend actions affecting ads, listings, inventory, orders, and revenue without clear guardrails.
These tools imply access to seller, advertising, inventory, and order operations. The artifact does not define safe action boundaries, approval requirements, read-only defaults, or limits for high-impact account operations.
## Tools Required - amazon_sp_api - amazon_ads_api - amazon_inventory - amazon_orders
Only use with narrowly scoped Amazon permissions where possible, require explicit confirmation before any changes, and verify that the skill is operating read-only unless you intentionally authorize a specific action.
A user may not realize what Amazon account permissions or delegated authority are needed, and excessive permissions could expose business data or allow account-changing actions.
Full-store automation across inventory, orders, ads, and pricing normally requires privileged Amazon account access, but the provided metadata declares no primary credential or required environment variables, leaving the permission model unclear.
面向跨境电商卖家的亚马逊店铺全流程自动化运营工具,涵盖库存、订单、广告、定价与数据分析。
Before installing, confirm exactly which Amazon account, marketplaces, APIs, and permission scopes will be used, and avoid granting write access unless necessary for a specific confirmed workflow.