Amazon Product Api Skill

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent BrowserAct-based Amazon product lookup skill, but it uses a BrowserAct API key and sends search parameters to BrowserAct.

This skill looks reasonable for Amazon product research. Before installing, make sure you trust BrowserAct with your search queries, use a revocable API key stored in the environment, and review the included Python script if you are concerned about local execution.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local Python process that calls BrowserAct and waits for results; the reviewed script does not show destructive local behavior.

Why it was flagged

The skill works by having the agent run the included Python script. This is disclosed and central to the stated purpose, but it is still local command execution.

Skill content

python -u ./scripts/amazon_product_api.py "keywords" "brand" pages "language"

Recommendation

Review the included script before use, run it from the intended skill directory, and keep the search arguments user-directed.

What this means

Use of this skill may consume BrowserAct API quota or incur account activity associated with the supplied key.

Why it was flagged

The script reads a BrowserAct API key and sends it as a bearer token to BrowserAct. This is expected for the integration, but it grants access to the user's BrowserAct account or quota.

Skill content

api_key = os.getenv("BROWSERACT_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"}

Recommendation

Use a dedicated, revocable BrowserAct API key stored as an environment variable, and avoid pasting long-lived secrets into chat when possible.

What this means

BrowserAct will receive the user's product research queries and process the resulting workflow.

Why it was flagged

The script sends the search keywords, brand, page count, language, and authorization header to BrowserAct's workflow API. This provider data flow is disclosed and purpose-aligned.

Skill content

API_BASE_URL = "https://api.browseract.com/v2/workflow" ... requests.post(f"{API_BASE_URL}/run-task-by-template", json=payload, headers=headers)

Recommendation

Only use the skill for searches you are comfortable sending to BrowserAct, especially if the queries reveal confidential market research.