Amazon Reviews Api Skill
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for extracting Amazon reviews, but users should note that it uses a BrowserAct API key, sends requests to BrowserAct, and may poll the remote task for several minutes.
This skill looks safe for its stated purpose. Before installing, confirm you are comfortable using BrowserAct for the review extraction, sharing the requested ASIN with that provider, and spending any API quota or credits tied to your BrowserAct API key.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill requires providing or configuring a BrowserAct API key, which may allow API usage billed or attributed to the user.
The skill requires a BrowserAct API key. This credential use is expected for the stated API integration, but it gives the script delegated access to the user's BrowserAct account/API quota.
requires":{"bins":["python"],"env":["BROWSERACT_API_KEY"]}Use a dedicated BrowserAct key with appropriate limits if available, and rotate it if it is accidentally shared.
The ASIN being researched and the API request metadata are shared with BrowserAct while the task runs.
The script sends the ASIN and authorization header to BrowserAct's external API to run the hosted review workflow. This is disclosed and central to the skill's purpose.
requests.post(f"{API_BASE_URL}/run-task-by-template", json=payload, headers=headers)Avoid using the skill for product research you do not want shared with BrowserAct, and review BrowserAct's data handling terms if confidentiality matters.
A stuck or slow remote task could keep the command running and continue polling until stopped.
The script polls the remote task in a loop until it is finished, failed, or canceled. This matches the documented long-running workflow, but there is no hard timeout in the code.
while True:
try:
status_res = requests.get(f"{API_BASE_URL}/get-task-status?task_id={task_id}", headers=headers).json()Monitor long runs and stop the process manually if it does not progress within a reasonable time.