ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Product Research

v1.0.0

Conducts Amazon product research by analyzing market size, competition, profit margins, competitors, and risks to provide GO/NO-GO recommendations.

0· 61·0 current·0 all-time
by@beyondbright

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for beyondbright/walter-product-research.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Product Research" (beyondbright/walter-product-research) from ClawHub.
Skill page: https://clawhub.ai/beyondbright/walter-product-research
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install walter-product-research

ClawHub CLI

Package manager switcher

npx clawhub@latest install walter-product-research
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to perform Amazon product research and the code implements that using a data layer and SellerSprite API. However the package metadata declares no required environment variables or credentials even though the SKILL.md and code depend on an external data layer (unified_data_layer_v2) and SellerSprite API access. Not declaring the needed API credentials is an inconsistency.
!
Instruction Scope
SKILL.md describes a bounded analysis workflow and the code follows it. However the runtime code injects a sys.path entry that points three directories up into a 'scripts' folder to import unified_data_layer_v2, which means the skill will try to import code from outside its own bundle at runtime — this increases the attack surface and can cause the agent to execute unexpected code. The instructions do not disclose where the data layer will send network requests or which credentials it expects.
Install Mechanism
There is no install spec (instruction-only with included code files). Nothing is downloaded at install time. Risk comes from runtime imports and the external data-layer dependency rather than an installer.
!
Credentials
No environment variables or primary credential are declared, yet the SKILL.md lists 'SellerSprite API access' as a dependency and the code calls external APIs via a data layer. This mismatch means the skill will likely require API keys/credentials that are not declared or explained, which is disproportionate and opaque.
Persistence & Privilege
The skill does not request persistent/always-on presence (always:false) and does not modify agent/system configuration in the provided code. The main privilege-related risk is autonomous runtime network access via the external data layer, not persistent installation.
What to consider before installing
This skill implements an Amazon product-research workflow but relies on an external 'unified_data_layer_v2' and SellerSprite API. Before installing or running it: (1) ask the author to declare required environment variables (API keys/tokens) and document endpoints; (2) request and review the unified_data_layer_v2 and sellersprite_mcp source to confirm where requests go and how credentials are used; (3) note the code alters sys.path to import modules from parent directories — run it in a sandbox or isolated environment to avoid importing unexpected code; (4) do not provide production API credentials until you verify the data-layer code and the remote endpoints; and (5) if you can't review the missing modules, prefer a safer alternative or ask the publisher to bundle audited connectors and declare required env vars in the skill manifest.

Like a lobster shell, security has layers — review code before you run it.

latestvk976tx4405jahc82r76mnqk6k584rqpb
61downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@beyondbright
latest
Download

亚马逊选品调研

核心问题

"我这个想法能不能做?"

用户交互

输入

用户: "我想做沙滩裤"
用户: "women active shorts能不能做"
用户: "分析下这个市场"

输出

[选品调研报告]

[Decision] GO / CAUTION / NO-GO
[Score] 72/100

├─ 市场容量: 640,240 units/月
├─ 竞争程度: CR3=63% (高)
├─ 市场趋势: +8.5%/月 (上升)
├─ 利润空间: $2.08/unit (8.3%)
└─ 风险提示: 高品牌集中度

[详细报告] [竞品分析] [生成Listing]

分析流程

Step 1: 快速扫描 (30秒)

  • 机会评分 (0-100)
  • 市场容量评估
  • 竞争程度评估
  • 趋势判断

Step 2: 市场分析

  • 品牌集中度 (CR3/CR5)
  • 价格带分布
  • 头部玩家分析

Step 3: 利润测算

  • 定价建议
  • 成本结构分解
  • 利润优化场景

Step 4: 竞品发现

  • Top 5 竞品
  • 各竞品基础数据
  • 差异化机会

Step 5: 风险评估

  • 高风险因素
  • 中风险因素
  • 进入建议

技术实现

class ProductResearch:
    def analyze(self, keyword: str, price: float = None, cost: float = None) -> Dict:
        """
        选品调研完整流程
        """
        # 1. 快速扫描
        scan = self.quick_scan(keyword)
        
        # 2. 市场分析
        market = self.analyze_market(scan['node_id'])
        
        # 3. 利润测算
        profit = self.calculate_profit(price, cost)
        
        # 4. 竞品发现
        competitors = self.discover_competitors(keyword)
        
        # 5. 风险评估
        risks = self.assess_risks(scan, market)
        
        return {
            'decision': scan['recommendation'],
            'score': scan['score'],
            'market': market,
            'profit': profit,
            'competitors': competitors,
            'risks': risks
        }

依赖

  • unified_data_layer_v2.py - 统一数据层
  • sellersprite_mcp.py - MCP客户端
  • SellerSprite API access

版本

V1 - 2026-04-13

  • 第一版发布
  • 场景: 选品调研

Comments

Loading comments...