Amazon Listing Image Optimizer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill matches its image-optimization purpose, but it can bulk-change live Amazon listings with seller credentials and exposes a public file server with unsafe path handling.

Review and modify this skill before using it on a real seller account. Use test or least-privilege SP-API credentials, keep credential files away from the served image directory, fix the HTTP server path handling, pin dependencies, and do not run `--all` or `--from-report` until you have manually reviewed the report and have a rollback plan.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

Env credential access

Critical
Finding
Environment variable access combined with network send.

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

VirusTotal

64/64 vendors returned a clean verdict for this skill.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed or invoked with real credentials, the skill can act on the seller account, including changing listing data.

Why it was flagged

The script reads a local SP-API credential file (path taken from `AMAZON_SPAPI_PATH`, defaulting to `./amazon-sp-api.json`) and uses the refresh token and LWA client secret it contains to act with seller-account authority. That is high-impact access, and the registry's credential declarations do not reflect it.

Skill content
const CREDS_PATH = process.env.AMAZON_SPAPI_PATH || './amazon-sp-api.json'; ... refresh_token: creds.refreshToken ... SELLING_PARTNER_APP_CLIENT_SECRET: creds.lwaClientSecret
Recommendation

Declare the SP-API credential requirement, use least-privilege credentials, store them outside served directories, and require explicit user approval before any write operation.

What this means

Incorrect files, report entries, or slot selections could update live product listings and affect sales, compliance, or brand presentation.

Why it was flagged

The skill directly calls Amazon's listing patch API to replace image attributes on live listings, but the workflow has no visible confirmation or rollback before applying changes.

Skill content
operation: 'patchListingsItem', endpoint: 'listingsItems' ... op: 'replace', path: `/attributes/${attr}`
Recommendation

Add a dry-run mode, per-SKU and per-slot confirmation, a backup of prior image URLs, and a rollback procedure before enabling live updates.

What this means

A publicly reachable run could leak local files. The default `amazon-sp-api.json` credential file is a likely target: it sits in the working directory, one level above the documented `./image_fix/` image directory, so a single `../` traversal from the served root reaches it.

Why it was flagged

The pusher opens an unauthenticated HTTP server on all interfaces (`0.0.0.0`) and streams back whatever path the request names, with no check that the resolved path stays inside the image directory. Path traversal or guessed filenames can therefore read files outside the intended image set, and anyone who can reach the port, not only Amazon's image fetcher, can do so.

Skill content
const filePath = path.join(dir, req.url.replace(/^\//, '')); ... fs.createReadStream(filePath).pipe(res); ... server.listen(port, '0.0.0.0');
Recommendation

Serve only an allowlist of generated image filenames, resolve and verify paths remain inside the image directory, avoid public unauthenticated listeners, or use signed object-storage URLs instead.

What this means

A single mistake can scale from one SKU to many live Amazon listings.

Why it was flagged

The documented full pipeline can audit all inventory and then apply all report-derived fixes, allowing one bad report or naming mismatch to propagate across many listings.

Skill content
node scripts/audit.js --all --out report.json ... node scripts/push_images.js --dir ./image_fix/ --from-report report.json
Recommendation

Require staged review of the generated report, cap batch size by default, and make bulk updates opt-in with clear prompts.
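Added example, not the skill's own code, covering both the listing-patch finding (no confirmation or rollback before `patchListingsItem`) and the bulk-pipeline finding above: it builds the forward `replace` ops the pusher already sends, derives a rollback patch from the listing's current attributes, caps the batch, and defaults to dry-run. The report shape, the attribute names, the `{marketplace_id, media_location}` value format and the injected `getAttributes` / `patchItem` wrappers (standing in for `getListingsItem` / `patchListingsItem` calls, including the request envelope) are assumptions made for this example.

```javascript
'use strict';

// Constructed sample input: one report entry per SKU mapping an image
// attribute (the `attr` the pusher interpolates into `/attributes/${attr}`)
// to its new URL, plus what one live listing currently holds. Attribute names
// and value shape are assumptions for this example, not taken from the page.
const SAMPLE_REPORT = {
  'SKU-EXAMPLE-1': { main_product_image_locator: 'https://img.example/SKU-EXAMPLE-1-MAIN.jpg' },
  'SKU-EXAMPLE-2': {
    main_product_image_locator: 'https://img.example/SKU-EXAMPLE-2-MAIN.jpg',
    other_product_image_locator_1: 'https://img.example/SKU-EXAMPLE-2-PT01.jpg',
  },
};
const SAMPLE_LIVE_ATTRIBUTES = {
  main_product_image_locator: [
    { marketplace_id: 'MARKETPLACE', media_location: 'https://old.example/SKU-EXAMPLE-1-MAIN.jpg' },
  ],
};

// Build the forward patch (one 'replace' per slot, as the pusher already does)
// and, from the listing's current attributes, the patch that undoes it.
function buildImagePatch(currentAttributes, updates, marketplaceId) {
  const forward = [];
  const rollback = [];
  for (const [attr, url] of Object.entries(updates)) {
    const p = `/attributes/${attr}`;
    forward.push({ op: 'replace', path: p,
                   value: [{ marketplace_id: marketplaceId, media_location: url }] });
    rollback.push(attr in currentAttributes
      ? { op: 'replace', path: p, value: currentAttributes[attr] }   // restore the old value
      : { op: 'delete', path: p });                                   // slot was empty before
  }
  return { forward, rollback };
}

// Size the run before touching anything so a full-inventory report cannot
// silently fan out; the caller must raise maxBatch explicitly to go past it.
function planBatch(report, maxBatch) {
  const skus = Object.keys(report);
  const slots = skus.reduce((n, sku) => n + Object.keys(report[sku]).length, 0);
  return { skus, slots, allowed: skus.length <= maxBatch };
}

// Apply a report with dry-run as the default, a per-SKU confirmation hook and
// a journal of rollback patches. getAttributes(sku) and patchItem(sku, patches)
// are hypothetical wrappers around the SP-API client, injected so this runs
// offline; they are not the skill's functions.
async function pushFromReport(report, { getAttributes, patchItem, marketplaceId,
                                        maxBatch = 5, dryRun = true,
                                        confirm = async () => false }) {
  const plan = planBatch(report, maxBatch);
  if (!plan.allowed) {
    throw new Error(`report touches ${plan.skus.length} SKUs, cap is ${maxBatch}; raise --max-batch deliberately`);
  }
  const journal = [];
  for (const sku of plan.skus) {
    const current = await getAttributes(sku);
    const { forward, rollback } = buildImagePatch(current, report[sku], marketplaceId);
    journal.push({ sku, rollback });        // persist this before the first live write
    if (dryRun) continue;                   // show the plan, change nothing
    if (!(await confirm(sku, forward))) continue;
    await patchItem(sku, forward);
  }
  return journal;   // undo with: for each entry, patchItem(entry.sku, entry.rollback)
}

module.exports = { SAMPLE_REPORT, SAMPLE_LIVE_ATTRIBUTES, buildImagePatch, planBatch, pushFromReport };
```

Writing the rollback journal to disk before the first `patchItem` call matters more than the confirmation prompt: a naming mismatch in the report is only recoverable if the previous `media_location` values were captured while the listing was still intact.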

What this means

Future package changes or a compromised dependency could affect what runs locally.

Why it was flagged

The setup asks users to install unpinned packages from public package registries. This is purpose-aligned, but it leaves dependency version and provenance to the install environment.

Skill content
pip3 install Pillow
npm install amazon-sp-api
Recommendation

Pin dependency versions, use a reviewed lockfile, and install in an isolated environment.