v1.0.3

Amazon Brand Shield

BenignClawScan verdict for this skill. Analyzed May 3, 2026, 12:57 AM.

Analysis

This appears to be a local Amazon brand-protection helper, but users should verify the install provenance and keep explicit control over any test purchases or Amazon reports.

GuidanceThis skill looks suitable as a local brand-protection and template generator. Before installing, verify the remote install command and metadata mismatch, and make sure the agent never completes purchases, sends cease-and-desist messages, or submits Brand Registry complaints without your explicit review and approval.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

SKILL.md

Recommendation: Consider test purchase (requires explicit user approval)

The skill's brand-protection workflow can involve buying products for evidence and submitting complaints, which are high-impact actions, but the artifact explicitly calls for user approval.

User impactIf misused, the agent could spend money or initiate account-impacting brand reports, even though the intended workflow is user-approved.

RecommendationOnly allow test buys, complaint submissions, or seller contact after you have reviewed the evidence and explicitly approved the specific action.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

SKILL.md

npx skills add nexscope-ai/eCommerce-Skills --skill brand-protection-amazon -g

The skill is listed as amazon-brand-shield, while the install command references a different repository/skill name and performs a global install; this is a provenance detail users should verify.

User impactRunning the install command without checking it could install or update a different global skill than expected.

RecommendationVerify the repository, owner, slug, and version before running the npx install command, especially because the registry source/homepage are not provided.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/templates.py

1. Log into Brand Registry: https://brandregistry.amazon.com/

The templates guide use of an Amazon Brand Registry account and include brand/trademark/contact fields; this is expected for the purpose, but it involves privileged account activity.

User impactUsing these templates may require Amazon account access and brand ownership details.

RecommendationDo not paste passwords or session tokens into the agent, and submit Brand Registry reports yourself unless you have explicitly authorized the agent to assist.