Scout Commerce

v1.1.0

Search for products on Amazon/shopify and buy with USDC on Solana. Swap tokens using Jupiter.

⭐ 1· 1.6k·1 current·1 all-time

by@xasus1

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name and description (search Amazon/Shopify, buy with USDC on Solana, swap via Jupiter) match the code and runtime behavior: the scripts call scout-api.trustra.xyz endpoints, Solana RPC, and Jupiter tokens metadata. No unrelated cloud credentials or surprising capabilities are requested.

✓

Instruction Scope

SKILL.md instructs the agent to run the included Python scripts and to present images as media. The scripts only access credentials.json (for api_key and wallet), communicate with Scout API, Solana RPC, and the Jupiter tokens metadata endpoint — all within the domain of shopping and swaps. There are no instructions to read arbitrary system files or exfiltrate unrelated data.

ℹ

Install Mechanism

This is instruction- and script-based (no automated install spec). A requirements.txt is provided listing packages (x402, solana, solders, base58) which, if installed, will be fetched from PyPI — a normal dependency flow but worth noting because installing Python packages pulls remote code into your environment.

✓

Credentials

No required environment variables or external credentials are declared beyond an optional SCOUT_API_KEY. The tool legitimately needs an API key and wallet address to perform purchases and swaps; those are stored in credentials.json. No unrelated secrets (AWS, GitHub, etc.) are requested.

ℹ

Persistence & Privilege

The skill writes/reads a local credentials.json to store the api_key, wallet_address, and shipping_profile (expected for a shopping agent). always:false and no global config modifications are present. Storing the API key locally is necessary for operation but increases responsibility for securing that file.

Assessment

This skill appears to do what it claims, but take these precautions before installing or using it: - Verify the API endpoint (https://scout-api.trustra.xyz) is the trusted service you intend to use. If you don't trust that server, do not register or fund the wallet. - The get_api_key flow registers you and stores an API key + wallet_address in credentials.json; keep that file private (restrict filesystem permissions) or set SCOUT_API_KEY as an environment variable instead. - Do not fund the returned wallet address with significant funds until you've audited the service and tested small amounts. - Installing requirements.txt will pull packages from PyPI (x402, solana, solders). Prefer running inside an isolated virtual environment or disposable VM/container. - Review the code yourself (or have someone you trust do so) if you plan to use it for real purchases: network calls go to scout-api.trustra.xyz, Solana RPC (api.mainnet-beta.solana.com), and Jupiter tokens metadata (tokens.jup.ag) which is expected but worth confirming. - If you want tighter control, avoid saving credentials.json and pass SCOUT_API_KEY via the environment when invoking scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f49x1f1q40cqt7dv9d3b71n80h55s

1.6kdownloads

1stars

2versions

Updated 1mo ago

v1.1.0

MIT-0

Scout 🛒

Buy from Amazon & Shopify with USDC. Swap tokens via Jupiter. US shipping only.

Presenting Products (Important!)

Search results: For each recommended product, send the image as actual media (not markdown links) with the product details as the caption. One product per message so images render properly.

Product details: When showing details, send images as media attachments alongside the text. The API returns images in the same response — use them immediately, don't make the user ask.

Why: Markdown image links (![](url)) don't render on Telegram/messaging platforms. Always send images as actual media using the message tool with media parameter, or via inline if supported.

Quick Reference

Setup (once) → python get_api_key.py --email ... --address "..."

Find products → python search.py "gaming mouse under $50"

Get Product details → python product.py amazon:B07GBZ4Q68

Check Wallet balance → python balance.py (shows all tokens)

Buy product → python buy.py amazon:B07GBZ4Q68

Check order → python order_status.py ord_abc123

List orders → python order_status.py --list

Swap tokens → python swap.py SOL USDC 5 (min $5)

Get swap quote → python swap.py --quote SOL USDC 5

List wallet tokens → python swap.py --list

All commands run from scripts/ folder. API key loads automatically from credentials.json.

Setup (one-time)

python get_api_key.py --email <EMAIL> --address "<NAME>,<STREET>,<CITY>,<STATE>,<ZIP>,<COUNTRY>"

Creates a Crossmint wallet + API key and stores them in credentials.json. Fund the wallet with USDC to buy.

Keep API key secure - it authorizes transactions from your wallet.

Commands

Command	Usage
Search	`python search.py "query"`
Details	`python product.py amazon:B07GBZ4Q68`
Balance	`python balance.py` (all tokens) or `balance.py --usdc`
Buy	`python buy.py amazon:B07GBZ4Q68`
Orders	`python order_status.py --list` or `order_status.py <orderId>`
Swap	`python swap.py SOL USDC 5` (min $5 for gasless)
Quote	`python swap.py --quote SOL USDC 5`
Tokens	`python swap.py --list`

Supported tokens: SOL, USDC, USDT, BONK, TRUST — or use any mint address directly.

Workflow

No credentials? → get_api_key.py (creates wallet + API key)
No balance? → Fund wallet address shown by balance.py
Ready to buy → buy.py <locator>

Errors

Error	Fix
`INSUFFICIENT_BALANCE`	Fund wallet (`balance.py` shows address)
`No API key found`	Run `get_api_key.py`
`OUT_OF_STOCK`	Search for alternatives
`OVER_LIMIT`	Max $1,500 per order

Credentials (`credentials.json`)

{
  "api_key": "scout_sk_...",
  "wallet_address": "FtbC9x5...",
  "shipping_profile": { "email": "...", "address": "..." }
}

Never share the API key.

Comments

Loading comments...