ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Brand Protection Ebay

v0.1.0

eBay brand protection toolkit. Detect unauthorized sellers, counterfeits, and VeRO violations. Includes price monitoring, trademark abuse detection, VeRO com...

0· 71·0 current·0 all-time
byHenk Nie@phheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill is advertised as an eBay/VeRO toolkit, but the included code and templates use Amazon terminology (ASIN, Amazon Brand Registry, Amazon Buyer-Seller Messaging). There are no required eBay credentials, no API usage, and no network client in the code to fetch eBay listings — so the requested capabilities (automated eBay monitoring) are not supported by the provided artifacts.
!
Instruction Scope
Runtime instructions ask the agent/user to run scripts (detector.py, templates.py) but give no guidance on how to obtain listing data from eBay. The detector and template code expect Amazon-style identifiers/fields (ASIN, Amazon complaint flows), so following the SKILL.md will likely produce Amazon-focused outputs while claiming eBay relevance. The instructions do not direct reading of unrelated system files or secrets, but they implicitly require the user to supply data in a format the scripts expect.
Install Mechanism
No install spec or external downloads. The skill is distributed with two Python scripts that run locally. That reduces supply-chain risk (nothing fetched at install time), though executing included code still carries the normal local-execution risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not import obvious network libraries in the provided excerpts, and no secrets are requested — environment/credential requests appear proportionate (none).
Persistence & Privilege
The skill is not configured as always-enabled and is user-invocable. It does not request elevated persistence or attempt to modify other skills or system-wide settings in the provided materials.
What to consider before installing
This package is internally inconsistent: it markets itself for eBay/VeRO but the code and templates are Amazon-centric (ASINs, Amazon Brand Registry). Before running anything, review the scripts line-by-line and confirm they operate only on local data you supply. If you expect automated eBay monitoring, ask the author how the skill obtains eBay listings (e.g., eBay API credentials or scraper) — that capability is missing. Run the code in an isolated environment (sandbox or VM) until you verify there are no unexpected network calls or data exfiltration. If you need eBay-specific templates or flows, request or look for a version that explicitly supports eBay/VeRO rather than Amazon.

Like a lobster shell, security has layers — review code before you run it.

latestvk9786m2245y7t45z66nmnqsva1839ynd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments