Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Amazon Fba Calculator

v0.1.0

Amazon FBA Calculator - Complete fee breakdown and profit analysis

by Henk Nie (@phheng)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the provided code and SKILL.md: an FBA fee/profit calculator. The declared requirements (no env vars, no binaries, no installs) are appropriate for a local Python script.
Instruction Scope
SKILL.md instructs running the included Python script with optional JSON input — this is scoped to the calculator task. However the distributed file contents in the bundle were truncated in the review input (ellipsis present), so we could not inspect the entire runtime logic to confirm it contains only pure computation.
Install Mechanism
No install spec and no external packages declared — lowest-risk distribution model (instruction-only + included script).
Credentials
No environment variables, credentials, or config paths are requested or required. That is proportionate for a local calculator.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent privileges. Nothing in the manifest indicates modification of other skills or system-wide settings.
What to consider before installing
The skill looks coherent and likely safe: it defines an FBA calculator, includes a Python script, and requests no secrets. However the provided source was truncated in the review input, so you should (1) review the full scripts/calculator.py contents yourself to ensure there are no network calls (requests, urllib, socket), subprocess usage (subprocess, os.system, popen), file exfiltration, or hidden endpoints; (2) run the script in a sandboxed environment before giving it real data; (3) check the full SKILL.md and script for any telemetry or phone-home behavior; and (4) prefer code from an identifiable, trusted homepage or repository — absence of a known source increases risk. If you want, provide the full calculator.py file and I will re-check it thoroughly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97571a253vv86zfbst6paq2rh83eww1
