v1.2.0

Amazon Review Advisor

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:44 PM.

Analysis

This instruction-only skill provides Amazon review analysis and response guidance without code or credential access, though users should verify Amazon-policy advice and note minor provenance/version inconsistencies.

Guidance: Before installing, note that this is a text-only advisory skill. It does not access your Amazon account or run code, but you should verify any buyer-message, review-request, or reporting template against current Amazon Seller Central rules and avoid pasting unnecessary buyer personal data.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Low, Confidence: High, Status: Note
references/response-templates.md
## II. Private message follow-up template (within 48 hours of a negative review) ... "I noticed your recent review and wanted to personally reach out."

The skill provides buyer follow-up messaging tied to negative reviews. This is disclosed and avoids asking for review changes, but sellers may over-trust the templates as compliant without checking current Amazon rules.

User impact: A seller could send buyer messages or review invitations that affect marketplace compliance if they use the templates without verifying Amazon's current policies.
Recommendation: Use only Amazon-permitted channels, keep messages neutral, never request review edits or offer incentives, and confirm current Seller Central policy before sending.

Agentic Supply Chain Vulnerabilities
Severity: Info, Confidence: High, Status: Note
clawhub.yaml
version: "1.0.1" ... homepage: https://clawhub.com/skills/amazon-review-advisor ... repository: https://github.com/clawhub/amazon-review-advisor

The included package metadata differs from the supplied registry metadata, which lists version 1.2.0 with source unknown and homepage none. With no code or install steps, this is a provenance consistency note rather than a runtime-risk concern.

User impact: It may be harder to verify the exact publisher, release lineage, or repository for this skill.
Recommendation: If provenance matters, confirm the package owner and repository before relying on it in production workflows.