Listing Image Optimizer

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run with real credentials, the skill can act on the seller account and change live listing data.

Why it was flagged

The skill requires delegated Amazon Seller SP-API credentials tied to a seller account, enabling account-level listing actions.

Skill content
"lwaClientSecret": "YOUR_CLIENT_SECRET", "refreshToken": "Atzr|YOUR_REFRESH_TOKEN", ... "sellerId": "YOUR_SELLER_ID"
Recommendation

Use dedicated least-privilege SP-API credentials, restrict credential-file permissions, verify seller/marketplace scope, and require explicit user approval before any write operation.

What this means

A wrong file, slot, SKU, or report can replace public product images and affect sales or listing compliance.

Why it was flagged

The script directly replaces image attributes on live Amazon listings via SP-API, and the surrounding workflow loops through fixes without an interactive confirmation step.

Skill content
operation: 'patchListingsItem', ... op: 'replace', path: `/attributes/${attr}`, value: [{ media_location: imageUrl, marketplace_id: cfg.marketplace }]
Recommendation

Add a dry-run mode, show the exact SKU/slot/image changes, require confirmation before patching, and provide rollback guidance.

Concern: High Confidence
ASI08: Cascading Failures
What this means

A single mistaken run could bulk-update many live Amazon listings instead of one selected product.

Why it was flagged

The documented one-command pipeline audits all SKUs and then pushes fixes from a report, so one bad report or naming error can propagate across many listings.

Skill content
node scripts/audit.js --all --out report.json
python3 scripts/pad_to_square.py ./image_fix/
node scripts/push_images.js --dir ./image_fix/ --from-report report.json
Recommendation

Review the report manually, limit default runs to one SKU, batch changes in small groups, and require explicit approval for all-SKU operations.

What this means

Anyone who can reach the port may access served images, and path traversal could expose files outside the intended image directory during the 15-minute window.

Why it was flagged

The temporary crawl server accepts requests on all interfaces and serves requested paths without authentication, origin checks, or path-containment validation.

Skill content
const filePath = path.join(dir, req.url.replace(/^\//, '')); ... fs.createReadStream(filePath).pipe(res); ... server.listen(port, '0.0.0.0');
Recommendation

Use S3 or signed URLs, firewall the port, reject path traversal, serve only an allowlist of generated image filenames, and avoid binding to 0.0.0.0 unless necessary.

What this means

Users will install whatever package versions are current at setup time, which can change behavior or introduce dependency risk.

Why it was flagged

The setup installs dependencies without pinned versions or a lockfile.

Skill content
pip3 install Pillow
npm install amazon-sp-api
Recommendation

Pin dependency versions, provide a package lock/requirements file, and install from trusted package indexes.

What this means

A user or agent may try to run or obtain unreviewed code for an unrelated live listing title change.

Why it was flagged

The documentation advertises a live listing title-patching helper that is outside the image-optimizer purpose and is not present in the provided file manifest for review.

Skill content
### `fix_title.js` — Patch listing title
node scripts/fix_title.js --sku "MY-SKU" --title "New optimized title here"
Recommendation

Remove the title-patching instruction or include reviewed code with clear scope, permissions, and explicit approval requirements.

Findings (4)

Severity: critical
Rule: suspicious.env_credential_access
Location: scripts/audit.js:16
Finding: Environment variable access combined with network send.

Severity: critical
Rule: suspicious.env_credential_access
Location: scripts/push_images.js:17
Finding: Environment variable access combined with network send.

Severity: critical
Rule: suspicious.exposed_secret_literal
Location: scripts/audit.js:25
Finding: File appears to expose a hardcoded API secret or token.

Severity: critical
Rule: suspicious.exposed_secret_literal
Location: scripts/push_images.js:26
Finding: File appears to expose a hardcoded API secret or token.