ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sellersprite Api

v1.0.0

SellerSprite Product Research — Fetch Amazon market data via SellerSprite API: product research, keyword analysis, competitor lookup, ASIN details, Blue Ocea...

0· 123·1 current·1 all-time
byYang Jun@boyd4y

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for boyd4y/sellersprite-api.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sellersprite Api" (boyd4y/sellersprite-api) from ClawHub.
Skill page: https://clawhub.ai/boyd4y/sellersprite-api
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sellersprite-api

ClawHub CLI

Package manager switcher

npx clawhub@latest install sellersprite-api
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (SellerSprite product research) matches the commands and API endpoints described in SKILL.md and references. The required capability — calling SellerSprite endpoints with an API key — is coherent with the stated purpose. However, the registry metadata provided to you earlier lists no required binaries or env vars, while SKILL.md metadata explicitly lists the bun runtime and the @teamclaw/sellersprite-cli package; this metadata mismatch is unexpected.
Instruction Scope
All runtime instructions are limited to running the SellerSprite CLI (bunx @teamclaw/sellersprite-cli) against SellerSprite endpoints and managing a local config secret. The instructions only reference the SELLERSPRITE_SECRET_KEY (optional) and local config; they do not ask the agent to read unrelated system files, other credentials, or to transmit data to unexpected endpoints.
!
Install Mechanism
There is no install specification in the registry (instruction-only), but SKILL.md metadata lists a runtime dependency on bun and a package (@teamclaw/sellersprite-cli). That means running the skill will rely on bunx to fetch and run a third‑party CLI at runtime (dynamic package installation/execution) even though no explicit install/install sources are provided. Dynamic fetching/execution of a package from an unknown author increases risk unless the package origin and code are verified.
Credentials
The only credential referenced is SELLERSPRITE_SECRET_KEY (optional in SKILL.md) used to authenticate to the SellerSprite Open API. This is proportionate to the skill's purpose. No unrelated secrets or broad system credentials are requested.
Persistence & Privilege
The skill does not request always: true and does not appear to modify other skills or request system-wide privileges. It may write a local config (via the CLI's config command) to store the API key, which is expected behavior for a CLI that needs an API key.
What to consider before installing
This skill appears to do what it says (call SellerSprite APIs for Amazon research), but there are two things to check before trusting it: 1) Metadata mismatch: the registry summary shows no required binaries/env vars, yet SKILL.md requires the bun runtime and references the @teamclaw/sellersprite-cli package. Ask the publisher (or the skill registry) to clarify and provide an explicit install spec or a canonical package source. 2) Dynamic execution risk: the SKILL.md expects you to run bunx @teamclaw/sellersprite-cli, which will fetch/execute a third‑party CLI. Only proceed if you trust the @teamclaw/sellersprite-cli package and/or have inspected its repository/release artifacts. If you cannot verify the package, run commands in an isolated environment (VM/container) or request the skill author to include a vetted install spec (e.g., a pinned GitHub release or a vetted package SHA). If you are comfortable providing an API key to this service, limit exposure by using a key with minimal permissions and rotating it if you later uninstall or stop using the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d70qsycp6cxjhfx63vm95yx83m0ce
123downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Yang Jun@boyd4y
latest
Download

SellerSprite Product Research

Fetch Amazon market data via SellerSprite API. Each command calls exactly one API endpoint — compose them as needed.

Quick Start

# Set API key
export SELLERSPRITE_SECRET_KEY="your-secret-key"

# Browse top categories
bunx @teamclaw/sellersprite-cli market

# Research products by keyword
bunx @teamclaw/sellersprite-cli product --keyword "wireless earbuds"

# Get ASIN details
bunx @teamclaw/sellersprite-cli asin --asin B08N5WRWNW

# Check remaining quota
bunx @teamclaw/sellersprite-cli quota

Commands

CommandAPI EndpointDescription
market/v1/market/researchMarket/category research
product/v1/product/researchProduct research by keyword
competitor/v1/product/competitor-lookupCompetitor lookup by ASIN
asin/v1/asin/{market}/{asin}/with-coupon-trendASIN details + coupon trend
keyword/v1/keyword-researchKeyword research
quota/v1/visitsCheck API quota
configLocal config management

Options

OptionApplies toDescriptionDefault
--keyword <kw>product, keywordSearch keyword(required)
--asin <asin>competitor, asinTarget ASIN(required)
--marketplace <code>all data commandsMarketplace codeUS
--month <yyyyMM>product, competitor, keywordQuery monthlatest
--page <n>marketPage number1
--size <n>market, product, competitor, keywordResults per page (max 100)20/50
--format <format>all commandstext or jsontext

References

Detailed specs in references/ directory:

  • references/api-endpoints.md — API parameters, response fields, computed stats, rate limits
  • references/marketplace-codes.md — Supported marketplaces with currencies
  • references/error-handling.md — Error types, unauthorized quota tips, module mapping

Comments

Loading comments...