Skill Amazon Listing Optimizer

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: skill-amazon-listing-optimizer
Version: 1.0.0

The skill's stated purpose is benign, but `scripts/push_images.js` contains a critical path traversal vulnerability. Its temporary HTTP server, bound to all interfaces (`0.0.0.0`), serves whatever `path.join(dir, req.url.replace(/^\//, ''))` resolves to. Node's `http` server hands the request target to the handler without normalizing it, so a client that sends raw `../` segments (browsers and `curl` collapse them client-side unless told not to; use `curl --path-as-is` when checking) can read files outside the image directory. Each `../` climbs one level: `http://<ip>:<port>/../amazon-sp-api.json` reaches a credentials file kept beside the default `./image_fix/` directory, and enough `../` segments reach any file the process can read, such as `/etc/passwd`. This is a significant data exfiltration risk and a severe vulnerability, so the skill is classified as suspicious rather than benign, but there is no clear evidence that the author intended it for malicious exploitation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A remote visitor could potentially read local files from the machine running the skill, including nearby credential files such as amazon-sp-api.json.

Why it was flagged

The public HTTP server serves a filesystem path derived from the request URL without constraining it to the image directory, so path traversal such as ../ could expose files outside the intended folder while the port is open.

Skill content
const filePath = path.join(dir, req.url.replace(/^\//, ''));
...
fs.createReadStream(filePath).pipe(res);
...
server.listen(port, '0.0.0.0');
Recommendation

Serve only an allowlist of generated image filenames, resolve each requested path and verify it stays inside the image directory before opening it, keep credentials such as amazon-sp-api.json out of the served directory and its parents, and prefer S3 or pre-signed URLs over a public local file server.

What this means

If run with the wrong credentials, broad permissions, or a bad report, the skill can alter live Amazon product listings.

Why it was flagged

The script reads local Amazon SP-API credentials and uses them to replace live listing image attributes. This is expected for the skill, but it is high-impact account authority.

Skill content
const CREDS_PATH = process.env.AMAZON_SPAPI_PATH || './amazon-sp-api.json';
...
operation: 'patchListingsItem'
...
op: 'replace'
Recommendation

Use least-privilege SP-API credentials, protect the credential file, test on a single SKU first, and review every planned patch before pushing.

Concern (High Confidence)
ASI08: Cascading Failures
What this means

A mistaken report, mismatched image file, or broad --all run could update many live listings incorrectly.

Why it was flagged

The documented full pipeline audits all SKUs and then pushes fixes from the report in bulk, with no documented confirmation, dry-run, backup, or rollback step before live updates.

Skill content
node scripts/audit.js --all --out report.json
python3 scripts/pad_to_square.py ./image_fix/
node scripts/push_images.js --dir ./image_fix/ --from-report report.json
Recommendation

Run SKU-scoped audits first, manually inspect report.json and the fixed images, add a dry-run/confirmation gate in front of the bulk push, and record each listing's previous image URL before replacing it so a bad run can be rolled back.

What this means

Different or compromised dependency versions could change runtime behavior.

Why it was flagged

The skill asks users to install external packages without pinned versions or a lockfile. This is common setup behavior, but it leaves dependency versions and provenance to the user environment.

Skill content
pip3 install Pillow
npm install amazon-sp-api
Recommendation

Pin dependency versions, commit a lockfile (a package-lock.json installed with `npm ci`, or a requirements file with `==` pins) or a reviewed package manifest, and install only from trusted registries.