Listing Image Optimizer
Security checks across malware telemetry and agentic risk
Overview
This skill mostly matches its Amazon image-optimization purpose, but it uses seller credentials to change live listings, and it exposes a temporary public file server whose unchecked request paths could serve files outside the image directory.
Review carefully before installing. Use a test or single-SKU workflow first, inspect every generated fix before pushing, avoid bulk updates until a confirmation/dry-run step exists, and do not expose the temporary HTTP server until path validation is fixed. Keep Amazon SP-API credentials outside the working tree and served image directory, pin dependencies, and ignore the missing `fix_title.js` instruction unless that code is separately provided and reviewed.
VirusTotal
All 65 vendors reported this skill as clean (0/65 detections). A clean antivirus verdict only covers known-malware signatures; it says nothing about the credential-handling and path-validation findings below.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill means giving it credentials capable of accessing and changing an Amazon seller account.
The skill requires long-lived Amazon SP-API seller credentials even though the registry metadata declares no primary credential or required environment variable.
```
"lwaClientSecret": "YOUR_CLIENT_SECRET", "refreshToken": "Atzr|YOUR_REFRESH_TOKEN" ... Set `AMAZON_SPAPI_PATH` env var to point to it
```
Declare the credential requirement clearly, use least-privilege SP-API credentials (an LWA client secret plus refresh token is long-lived and can be replayed until revoked), store them outside any served directory, and rotate them if the server was ever reachable from outside the host.
A mistaken report, wrong file match, or unintended invocation could change images on live product listings and affect sales or compliance.
The script directly replaces live Amazon listing image attributes through SP-API; report-based workflows can apply many patches without an explicit confirmation gate.
```js
operation: 'patchListingsItem' ... patches: [{ op: 'replace', path: `/attributes/${attr}`, value: [{ media_location: imageUrl, marketplace_id: cfg.marketplace }] }]
```
Add a dry-run and per-SKU confirmation before patching, back up current listing attributes, and avoid bulk `--all` or `--from-report` pushes until the generated fixes are reviewed.
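As an added example (not code from the skill), the following wraps the `patchListingsItem` call quoted above in the gate recommended here: a dry run that builds the patches without sending them, a per-SKU confirmation, a batch-size limit that blocks silent bulk pushes, and a backup of the current attributes before each replace. The planning step is pure so it can be reviewed and tested offline; only approved entries reach the API. The helper names, the SP-API request shape (`path`/`query`/`body` fields and the `productType` attribute), the attribute name `main_product_image_locator`, and `deps.callApi`/`deps.getAttributes`/`deps.confirm` are assumptions: the last three are injected stand-ins for the amazon-sp-api client and the operator prompt.

```javascript
// Added example, not the skill's own code. Builds the same replace patches the
// skill sends, but behind dry-run, per-SKU confirmation, batch limit and backup.

// images: { <attribute name>: <public image URL> }  (attribute names are assumed)
function buildImagePatches(images, marketplaceId) {
  return Object.entries(images).map(([attr, imageUrl]) => ({
    op: 'replace',
    path: `/attributes/${attr}`,
    value: [{ media_location: imageUrl, marketplace_id: marketplaceId }],
  }));
}

// Pure planning step, no I/O. confirm(sku, patches) -> boolean; in a CLI this
// would prompt the operator for each SKU. cfg.maxBatch caps one run's size.
function planImageFixes(fixes, cfg, confirm) {
  if (fixes.length > cfg.maxBatch) {
    throw new Error(`refusing to plan ${fixes.length} SKUs (maxBatch=${cfg.maxBatch}); split the report`);
  }
  return fixes.map((fix) => {
    const patches = buildImagePatches(fix.images, cfg.marketplace);
    if (cfg.dryRun) return { sku: fix.sku, patches, status: 'dry-run' };
    if (!confirm(fix.sku, patches)) return { sku: fix.sku, patches, status: 'skipped' };
    return { sku: fix.sku, productType: fix.productType, patches, status: 'approved' };
  });
}

// I/O step. Only 'approved' entries are sent, each after its current attributes
// were fetched and kept so a bad push can be reverted. deps.callApi and
// deps.getAttributes are hypothetical stand-ins for the SP-API client; the exact
// request shape for amazon-sp-api is an assumption.
async function executePlan(plan, cfg, deps) {
  const backups = [];
  for (const entry of plan) {
    if (entry.status !== 'approved') continue;
    const before = await deps.getAttributes(entry.sku);
    backups.push({ sku: entry.sku, attributes: before, savedAt: new Date().toISOString() });
    await deps.callApi({
      operation: 'patchListingsItem',
      path: { sellerId: cfg.sellerId, sku: entry.sku },
      query: { marketplaceIds: [cfg.marketplace] },
      body: { productType: entry.productType, patches: entry.patches },
    });
    entry.status = 'patched';
  }
  return backups; // persist these (e.g. to a JSON file) before the next run
}

// Constructed sample report: fake SKUs, fake URLs, assumed attribute name.
const sampleFixes = [
  { sku: 'TEST-SKU-001', productType: 'PRODUCT',
    images: { main_product_image_locator: 'https://example.invalid/fixed/TEST-SKU-001-main.jpg' } },
  { sku: 'TEST-SKU-002', productType: 'PRODUCT',
    images: { main_product_image_locator: 'https://example.invalid/fixed/TEST-SKU-002-main.jpg' } },
];
```

Run the dry-run plan first, review every `patches` entry it prints, then rerun with `dryRun: false` and a confirm function that asks the operator; keep the returned backups alongside the report so a wrong image can be restored with the same `replace` op.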
If the port is reachable, a path-traversal request could expose files outside the image directory, potentially including the default `amazon-sp-api.json` credential file.
The temporary public server joins the raw request path onto the image directory: `path.join` collapses `../` segments into the parent directory, nothing checks that the resolved file still lies inside `dir`, and the listener binds to `0.0.0.0`, so the handler is reachable on every interface of the host.
```js
const filePath = path.join(dir, req.url.replace(/^\//, '')); ... fs.createReadStream(filePath).pipe(res); ... server.listen(port, '0.0.0.0');
```
Normalize and validate paths, serve only whitelisted fixed image filenames, bind to a restricted interface or use signed object storage, and keep credentials away from the served directory tree.
Unpinned installs mean each user gets whichever versions of Pillow and amazon-sp-api are current at install time, so a changed or compromised later release lands silently, and the missing title script invites users to run unreviewed code from elsewhere.
Setup uses unpinned third-party packages, and the documentation references a title-patching script that is not present in the provided file manifest.
```
pip3 install Pillow npm install amazon-sp-api ... ### `fix_title.js` — Patch listing title
```
Pin dependency versions, provide a lockfile or install spec, and remove or include and review any referenced helper scripts before use.
