Real-time Amazon Data

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only Canopy API helper for Amazon product data, with the main consideration being that it needs a Canopy API key and sends queries to a third-party API.

This skill appears safe for its stated purpose if you intend to use Canopy for Amazon product data. Before installing, independently verify the Canopy API endpoint, use a dedicated or limited API key, and be mindful that product searches and API usage are sent to Canopy and may affect quota or billing.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your product identifiers, search terms, and related request parameters may be sent to Canopy, and repeated calls may affect your API usage or billing.

Why it was flagged

The skill directs the agent to make external REST API requests to Canopy. This is central to the stated purpose and uses read-only examples, but it can transmit query parameters and consume API quota.

Skill content

BASE_URL = "https://rest.canopyapi.co" ... response = requests.get(f"{BASE_URL}/api/amazon/product", headers=HEADERS, params={...})

Recommendation

Use the skill only for intended product-data lookups, review request parameters before sending sensitive business queries, and monitor API usage limits.

What this means

An agent using this skill can make Canopy API calls under your API key, which may consume quota or incur cost depending on your Canopy plan.

Why it was flagged

The skill requires a Canopy API key and uses it in request headers. This is expected for the integration, but it grants access to the user's Canopy account or quota.

Skill content

export API_KEY="your_api_key_here" ... HEADERS = {"API-KEY": API_KEY}

Recommendation

Use a limited or dedicated Canopy API key where possible, avoid placing the key in shared logs or transcripts, and revoke or rotate it if no longer needed.

What this means

There is less publisher or source context for deciding whether to trust the documented endpoint and setup guidance.

Why it was flagged

The artifact does not include executable code, but the registry metadata provides limited provenance for the instructions and API integration.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Verify the Canopy API domain and documentation independently before entering or using an API key.