ClawHub

Amazon Review Intelligence Extractor

v1.0.1

Deep consumer insights from 1B+ pre-analyzed Amazon reviews. Extracts pain points, buying factors, user profiles, usage patterns, and differentiation opportu...

0· 104·0 current·0 all-time
by@apiclaw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description claim review analysis via the APIClaw service and the skill only requires an APIClaw API key and invokes APIClaw endpoints. The included script and SKILL.md enumerate and use the same 11 APIClaw endpoints described in the README and references, which is proportionate to the stated capability.
Instruction Scope
Runtime instructions direct the agent to call the apiclaw API endpoints (via the provided scripts/apiclaw.py) and to only report API-returned insights. The script reads APICLAW_API_KEY from the environment or an optional local config.json in the skill directory; it does not attempt to read unrelated system paths or other environment variables. Network calls are to the declared base URL (api.apiclaw.io), which matches the skill's purpose.
Install Mechanism
No install spec is present (instruction-only with a bundled script). That minimizes install-time risk; the included Python script will be executed by the agent when invoked but is not installed from a remote, untrusted URL.
Credentials
Only APICLAW_API_KEY is declared/required and is necessary for authenticating to the APIClaw service. The script also optionally reads config.json inside the skill directory to obtain the same key—this is consistent with typical CLI behavior and is justified by the skill's functionality.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It may read/write a config.json under its own skill directory (to store the API key) which is a normal local preference behavior.
Assessment
This skill legitimately needs only an APIClaw API key and will send requests to api.apiclaw.io. Before installing, review and be comfortable with: (1) granting the APICLAW_API_KEY (consider using a limited/ephemeral key), (2) the bundled script files (scripts/apiclaw.py) since the agent will execute them locally, and (3) the fact the script may create/read a config.json in the skill directory to store the key. Do not provide other credentials. If you need stronger assurance, verify the APICLAW provider, inspect the full script for yourself, and consider running it in an isolated environment or with a scoped API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk973t58pe6sc4hn25wbw8y4yhd84rs18

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAPICLAW_API_KEY
Primary envAPICLAW_API_KEY

Comments