Amazon Competitor Analyzer
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is purpose-aligned for Amazon competitor research, but it uses a BrowserAct API key and sends ASIN scraping tasks to a third-party automation service.
This skill appears safe to review as a normal third-party API integration. Before installing, be comfortable with sending ASIN scraping tasks to BrowserAct, keep the BrowserAct API key private, install dependencies deliberately, and choose an output directory where generated CSV/Markdown/JSON reports can be stored.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume BrowserAct account quota or billing and depends on keeping the API key secret.
The code reads a BrowserAct API key and uses it as a bearer token for API requests. This is expected for the service integration, but it gives the skill delegated access to the user's BrowserAct account.
BROWSERACT_API_KEY = os.getenv("BROWSERACT_API_KEY", "") ... "Authorization": f"Bearer {self.api_key}"
Use a dedicated BrowserAct API key if possible, store it only in environment variables or a local .env file, and rotate it if it is exposed.
The ASINs and scraping tasks are sent to BrowserAct, and results depend on that provider's automation service.
The skill submits user-provided ASINs to BrowserAct's external workflow API for browser automation. This is central to the stated purpose, but users should understand the third-party data flow.
requests.post(f"{API_BASE_URL}/run-task-by-template", json=data, headers=self.headers, timeout=30)
Only submit ASINs you are comfortable sending to BrowserAct, and review BrowserAct and Amazon usage policies before relying on automated scraping.
Installation may require manual dependency choices, and the missing sample env file could cause setup confusion.
The setup instructions rely on manual, unpinned package installation and reference a .env.example file that is not included in the provided manifest. This is a setup/provenance gap rather than evidence of malicious behavior.
pip install requests ... pip install python-dotenv ... cp .env.example .env
Install dependencies from trusted package indexes, consider pinning versions in your environment, and create the .env file manually if the example file is absent.
