Brand Protection Ebay
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is advertised as an eBay brand-protection toolkit, but its included scripts and templates are largely Amazon/ASIN/Brand Registry focused, which could mislead users into wrong enforcement actions.
Install only if you are comfortable reviewing the scripts yourself. Before using the outputs, confirm whether you need eBay VeRO materials or Amazon Brand Registry materials, because the included code appears Amazon-focused despite the eBay description.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting eBay brand-protection help may receive Amazon-specific complaint language and process steps, potentially leading to incorrect reports, ineffective takedowns, or inappropriate legal notices.
The registry and SKILL.md describe an eBay/VeRO toolkit, but the included complaint template points users to Amazon Brand Registry and ASIN-based reporting. This platform mismatch could cause users to trust and use the wrong enforcement workflow.
**Platform**: Amazon Brand Registry Portal
**URL**: https://brandregistry.amazon.com/
...
**ASIN**: {info.asin}Treat this skill as needing review before use. Confirm whether it is intended for eBay or Amazon, and do not file complaints or send legal notices generated by it without platform-specific and legal verification.
Following the generated guidance could affect third-party sellers or trigger platform/legal processes.
The skill recommends high-impact enforcement actions. The artifacts do not show automatic filing or account mutation, so this is purpose-aligned guidance, but users should not let an agent carry it out without review.
| 🔴 High | Immediate threat | File VeRO within 24h |
Use the output as a draft only; verify evidence, seller identity, platform rules, and legal wording before submitting or sending anything.
Installing from an external source could run or add code that differs from the reviewed artifacts if the repository changes.
The install instructions direct users to install globally from an external repository via npx. This appears user-directed and expected, but provenance should be checked because the registry lists the source as unknown and no homepage is provided.
npx skills add nexscope-ai/eCommerce-Skills --skill brand-protection-ebay -g
Verify the repository owner and contents before running the install command, and prefer pinned or reviewed releases where available.