SP-API Skill

Audited by ClawScan on May 10, 2026.

Overview

The skill appears aligned with Amazon SP-API use, but it can use seller credentials to change live Amazon listing prices without built-in approval safeguards.

Install only if you are comfortable giving an agent access to Amazon SP-API credentials. Treat price updates as live business changes: require manual approval, verify SKU/marketplace/price before running, protect the credentials file, and consider pinning the npm dependency before use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent invokes this command incorrectly, it could change a real product price in the seller account and affect sales or revenue.

Why it was flagged

The script can patch a live Amazon listing's purchasable offer price. The code does not include a confirmation step, dry-run mode, price validation, or rollback mechanism before making the account change.

Skill content

operation: 'patchListingsItem' ... path: '/attributes/purchasable_offer' ... value_with_tax: parseFloat(price)

Recommendation

Require explicit user approval before updates, show SKU/marketplace/current price/new price, validate allowed price ranges and currency, add a dry-run mode, and keep an audit trail or rollback instructions.

What this means

Anyone or any agent process able to use this skill with that credentials file may perform the Amazon SP-API actions authorized by the token.

Why it was flagged

The skill reads an Amazon SP-API refresh token and LWA client secret from a local file to access the seller account. This is expected for the purpose, but it is sensitive delegated account access.

Skill content

const CREDS_PATH = process.env.AMAZON_SPAPI_PATH || './amazon-sp-api.json'; ... refresh_token: creds.refreshToken ... SELLING_PARTNER_APP_CLIENT_SECRET: creds.lwaClientSecret

Recommendation

Use least-privilege SP-API credentials, store the file with restrictive permissions, avoid sharing it with unrelated agents, and declare the credential requirement clearly in metadata.

What this means

Installing the latest package version may expose the user to dependency changes or supply-chain risk outside the reviewed artifacts.

Why it was flagged

The skill asks the user to install an external npm package without a pinned version or lockfile in the provided artifacts. The dependency is central to the stated purpose, but provenance and reproducibility are limited.

Skill content

npm install amazon-sp-api

Recommendation

Pin the dependency version, provide a package.json/package-lock.json, and install only from a trusted npm registry.