Back to skill
Skillv1.0.0
ClawScan security
Amazon FBA Margin Calculator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 11:16 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and required inputs align with its stated purpose (local FBA fee/margin estimation) and it does not request credentials, network access, or unexpected system privileges.
- Guidance
- The skill appears coherent and safe for local use: it only performs math on product fields and writes reports. Before running, review calc.js (already included) yourself and run it on non-sensitive sample data. Be mindful of the output path to avoid overwriting files. Note that fee figures are estimates—verify final numbers in Amazon Seller Central before making sourcing/ordering decisions.
Review Dimensions
- Purpose & Capability
- okName/description (Amazon UAE FBA margin calculator for CJ Dropshipping items) match the provided files: SKILL.md describes CLI usage and calc.js implements local price/fee calculations and ranking. No unrelated credentials, binaries, or services are requested.
- Instruction Scope
- okRuntime instructions and the JS entrypoint are scoped to reading input JSON (file or stdin), performing local math (currency conversion, fee tiers), and emitting markdown/JSON. The script only reads the specified input or /dev/stdin and writes output files when asked; it does not read arbitrary system files, environment variables, or send data externally.
- Install Mechanism
- okNo install spec; this is instruction-only with one local Node.js script. There are no downloads, package installs, or archive extraction steps in the bundle.
- Credentials
- okNo environment variables, credentials, or config paths are required. The script uses only provided CLI flags, input file or stdin, and default constants (exchange rate, defaults) as documented.
- Persistence & Privilege
- okSkill is not marked always:true, does not modify other skills or system-wide agent settings, and only writes output files that the user specifies with --output. It does not persist credentials or alter agent configuration.