Amazon Listing Image Optimizer

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill is classified as suspicious due to a significant path traversal vulnerability in `scripts/push_images.js`. This script starts a local HTTP server on a publicly accessible port (`0.0.0.0:8899`) to serve images to Amazon's crawlers. The server's file path construction (`path.join(dir, req.url.replace(/^\//, ''))`) is vulnerable to path traversal, potentially allowing an attacker to read arbitrary files from the host system if the server's IP and port are discovered. While the public server is plausibly needed for the stated purpose, this vulnerability, combined with the broad network exposure, poses a high risk of information disclosure. The skill also handles sensitive Amazon SP-API credentials and makes external network calls, but these actions are aligned with its stated purpose and lack clear malicious intent.