Skill Amazon Spapi

Verdict: Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: skill-amazon-spapi
Version: 1.0.1

The skill bundle is designed to interact with Amazon SP-API, which is its stated purpose. It reads sensitive credentials from a local file (`amazon-sp-api.json`) and performs legitimate API calls. However, the scripts `scripts/inventory.js`, `scripts/listings.js`, and `scripts/orders.js` accept an `--out` argument for writing output files. This argument is not sanitized, making the skill vulnerable to path traversal (e.g., `node scripts/inventory.js --out ../../../tmp/output.json`). While this is a vulnerability that could be exploited by a compromised or poorly designed AI agent, there is no clear evidence of intentional malicious behavior by the skill itself, such as data exfiltration to unauthorized endpoints, persistence mechanisms, or harmful prompt injection attempts.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent invocation or mistaken command could change a live product price on Amazon, potentially affecting sales, revenue, and customer-facing listings.

Why it was flagged

The script directly patches a live Amazon listing price from command-line arguments, with no confirmation prompt, price bounds, dry-run mode, allowlist, or rollback mechanism.

Skill content

operation: 'patchListingsItem', endpoint: 'listingsItems', ... path: '/attributes/purchasable_offer', ... value_with_tax: parseFloat(price)

Recommendation

Require explicit user confirmation before any update, add dry-run output, enforce minimum/maximum price limits, validate marketplace/currency, and log changes with a rollback procedure.

What this means

Installing and using the skill gives the agent access to sensitive seller-account operations such as orders, inventory, listings, and pricing.

Why it was flagged

The skill requires long-lived Amazon SP-API credentials tied to a seller account, but the artifacts do not state required SP-API role scopes or restrict the credential to read-only use despite including price-update functionality.

Skill content

"lwaClientSecret": "YOUR_CLIENT_SECRET", "refreshToken": "Atzr|YOUR_REFRESH_TOKEN", "marketplace": "YOUR_MARKETPLACE_ID", "sellerId": "YOUR_SELLER_ID"

Recommendation

Use the least-privileged SP-API app roles possible, keep the credential file outside shared workspaces with restrictive permissions, and disclose the credential requirement in metadata.

What this means

The installed dependency version may vary over time, which can affect behavior and supply-chain risk.

Why it was flagged

The skill depends on a remote npm package without a pinned version or lockfile in the provided artifacts. This is expected for an SP-API integration, but it leaves dependency version/provenance to the install environment.

Skill content

npm install amazon-sp-api

Recommendation

Pin the amazon-sp-api package version, use a lockfile, and install from a trusted package registry.