Avito Pro

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a straightforward Avito API reference, but it gives an agent broad power to use Avito credentials to read/send messages and trigger account-changing Avito actions without built-in approval rules.

Review this skill before installing if you plan to give it Avito credentials. It appears to be an instruction-only API reference, not malware, but you should require explicit approval before any write action, especially sending customer messages, uploading images, changing webhooks, or applying paid Avito services.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is given Avito credentials, it could act on customer chats or paid/listing-related services in ways the user did not intend.

Why it was flagged

The skill documents Avito API operations that can send messages and apply paid/additional account services, but the artifact does not specify user confirmation or limiting rules before these account-changing actions.

Skill content

Send a message: POST /messenger/v1/accounts/{user_id}/chats/{chat_id}/messages ... Applying additional services (VAS): POST /vas/v1/accounts/{user_id}/vas

Recommendation

Use this skill only with explicit per-action approval for message sending, image uploads, webhook changes, and VAS/service application; prefer read-only scopes unless a write action is specifically requested.

What this means

Anyone or any agent with these tokens may be able to read account data or perform actions allowed by the granted Avito scopes.

Why it was flagged

The skill requires Avito OAuth credentials and bearer tokens, which is expected for this API integration, but those credentials grant real account access.

Skill content

client_id: Your Client ID ... client_secret: Your Client Secret ... All requests must contain the header Authorization: Bearer <ACCESS_TOKEN>

Recommendation

Keep Client Secret and access tokens out of chat history when possible, grant only the minimum required scopes, and revoke or rotate tokens after use.

What this means

If configured with the wrong destination, Avito chat events could be sent to an unintended or untrusted server.

Why it was flagged

Webhook endpoints are part of the documented Avito messenger integration and can create an ongoing channel for chat events to a configured callback endpoint.

Skill content

Webhooks: Subscribe: POST /messenger/v1/webhook; Unsubscribe: POST /messenger/v1/webhook/unsubscribe

Recommendation

Only subscribe webhooks to callback URLs you control, document the destination, and unsubscribe when the integration is no longer needed.