Amazon Review Checker
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a local Amazon review analysis helper, with a few install and HTML-reporting cautions users should notice.
This skill is reasonable for local review analysis. Before installing, verify the source you are installing from. If you use the HTML report feature, be aware that it loads Chart.js from a CDN, and that dynamic content should be escaped before you open reports built from untrusted text.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user relies on the external repository state at install time, so the installed content could differ from the reviewed artifacts if the source changes.
The documented install command pulls from an external skill source and installs globally without a pinned version or commit in the instruction.
npx skills add nexscope-ai/eCommerce-Skills --skill amazon-review-checker -g
Install only from a trusted source, prefer pinned versions or commits when available, and review the installed files before use.
Opening a generated report depends on remote JavaScript; a compromised or changed CDN dependency could affect the report page.
Generated HTML reports load Chart.js from a third-party CDN, apparently without a pinned version or integrity check.
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
Pin the Chart.js version and add Subresource Integrity, or bundle a reviewed local copy for offline reports.
A maliciously crafted value included in a report could potentially affect the local HTML page when opened.
The HTML report template interpolates dynamic values directly into HTML. If untrusted strings reach these fields, a browser may interpret injected markup.
<title>Review Analysis Report - {asin}</title> ... <strong>Summary:</strong> {summary}
HTML-escape dynamic report fields and render review-derived content with safe text APIs rather than raw HTML interpolation.
