Amazon Product Search Api Skill

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it claims—run a BrowserAct workflow to collect Amazon product search results—but it uses your BrowserAct API key and an external workflow template.

Before installing, confirm that you trust BrowserAct and the referenced workflow template, set BROWSERACT_API_KEY securely, and be aware that searches may use BrowserAct quota and send your search terms to the BrowserAct API.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill may use the user’s BrowserAct account and potentially consume paid quota or expose the key if the user pastes it into chat instead of setting it securely.

Why it was flagged

The script uses a BrowserAct API key as a bearer token to start and poll workflow tasks. This is expected for the stated integration, but it gives the skill access to the user’s BrowserAct account/quota.

Skill content

api_key = os.getenv("BROWSERACT_API_KEY")
...
headers = {"Authorization": f"Bearer {api_key}"}

Recommendation

Set the key as an environment variable when possible, avoid pasting secrets into shared chats, and rotate the BrowserAct key if it is accidentally exposed.

What this means

The user is trusting BrowserAct and the referenced template to perform the advertised Amazon product search workflow.

Why it was flagged

The script depends on a hardcoded remote BrowserAct workflow template. That is consistent with the skill’s purpose, but the actual remote template behavior is not contained in the local artifact.

Skill content

TEMPLATE_ID = "77809217106347580"
API_BASE_URL = "https://api.browseract.com/v2/workflow"

Recommendation

Verify that the BrowserAct account, provider URL, and template ID are expected before using the skill, especially if using it for business data collection.

What this means

A slow or stuck remote task could keep the command running and continue occupying the agent’s terminal session until stopped.

Why it was flagged

The script polls the remote task until it reaches a finished, failed, or canceled status. This is normal for asynchronous browser automation, but there is no explicit maximum polling duration in the code.

Skill content

while True:
    ...
    time.sleep(10)

Recommendation

Use reasonable product limits, monitor long-running tasks, and stop the process manually if it appears stuck beyond the expected runtime.