← Back to Skills Marketplace
Amazon
by
BrennerSpear
· GitHub ↗
· v1.0.0
673
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install amazon-ordering
Description
Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns.
README (SKILL.md)
Amazon Ordering
Prerequisites
agent-browserCLI installed- Chrome running with
--remote-debugging-port=9222(see Starting the browser) - Logged into Amazon — if logged out, retrieve password from your password manager
- If running headless (Linux/VNC), forward the VNC port to verify visually:
ssh -L 6080:localhost:6080 \x3Chost>→ http://localhost:6080/vnc.html
Setup
Set these environment variables or configure your defaults:
# Your default shipping address (verify on checkout)
export AMAZON_SHIPPING_ADDRESS="Your shipping address"
# Your preferred payment method description (verify on checkout)
export AMAZON_PAYMENT_METHOD="Your preferred card"
# Your preferred return drop-off location
export AMAZON_RETURN_DROPOFF="Whole Foods"
Always verify shipping address and payment method are correct before placing an order.
Returns
Default Answers (use unless user specifies otherwise)
- Return reason: "Changed Mind" → "My needs changed"
- Packaging opened: Yes
- Item in original packaging: Yes
- Have you used the item: Yes
- Signs of use: None
- Battery leaks/overheating: No
- All accessories included: Yes
- Refund type: Refund to original payment method (not replacement, not gift card)
- Drop-off location: Use
AMAZON_RETURN_DROPOFFor Whole Foods
Return Flow
- Orders → Find item → "Return or replace items"
- Select "Changed Mind" → "My needs changed" → Continue
- Answer condition questions with defaults above
- Continue past "Get Product Support" suggestions
- Select "Refund to original payment method"
- Select drop-off location
- Confirm return
- Done — QR code will be emailed
Communication Style
- Do NOT narrate each step — just execute the whole return silently
- Only message the user once it's confirmed with a brief summary:
- Item name
- Refund amount
- Drop-off location & deadline
- If something goes wrong or needs clarification, then ask
Ordering Rules
Reorders (items ordered before)
- Go directly to order history, search for item
- Click "Buy it again"
- Verify address and payment method
- Place order without confirmation — no screenshot needed
New Items (never ordered before)
- Search or navigate to product
- Send screenshot of product page (scroll so price + product image visible, skip nav bars)
- Wait for user confirmation before adding to cart
- Verify address and payment method
- Place order after confirmation
Workflow
Connect to browser
agent-browser connect 9222
Always open a new tab — other sessions share the same Chrome. Use --new-tab on every open command.
Search order history
agent-browser open "https://www.amazon.com/gp/your-account/order-history"
agent-browser snapshot -i
# Find search box, fill with item name, click search
Reorder flow
# From order history search results
agent-browser click @[buy-it-again-ref]
# Wait for checkout page
agent-browser snapshot
# Verify correct address and payment method are selected
agent-browser click @[place-order-ref]
Screenshot tips
- Scroll past nav bars before screenshotting
- Ensure price and product image are both visible
- Save screenshots to a temporary directory
- Send via message tool with caption
Starting the browser (if not running)
macOS (opens a visible Chrome window):
open -na "Google Chrome" --args --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com
Linux (headless with Xvfb/VNC):
DISPLAY=:99 google-chrome --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com &
Linux (desktop/GUI session):
google-chrome --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com &
Notes
- Browser profile persists login at
$HOME/.config/chrome-agent - On headless Linux, VNC display is typically
:99on port 5999 (noVNC on 6080) - Order confirmations go to the email on your Amazon account
- CAPTCHAs or 2FA may require manual intervention — if the browser window is visible (macOS or Linux desktop), ask the user to solve it in the Chrome window
Usage Guidance
This skill automates real purchases and returns and asks you to use a persistent Chrome profile and (implicitly) account credentials, but its metadata does not declare those requirements. Before installing or running it: 1) Do not give it access to your primary account with saved payment methods; test with a disposable Amazon account and payment method. 2) Require explicit confirmations for any purchase — the skill's 'place order without confirmation' instruction is dangerous. 3) Prefer running the automation in an isolated VM/container or a dedicated browser profile (not your main Chrome profile) to avoid exposing other cookies and sessions. 4) Ask the publisher (or examine code) to declare required env vars/credentials and to remove instructions that retrieve passwords from a password manager or act silently. 5) If you must proceed, audit agent-browser usage and monitor email/payment notifications closely. If you cannot verify these changes, avoid installing or enable strict manual confirmation before any financial action.
Capability Analysis
Type: OpenClaw Skill
Name: amazon-ordering
Version: 1.0.0
The skill is classified as suspicious primarily due to a significant prompt injection vulnerability in `SKILL.md`. The instruction "retrieve password from your password manager" explicitly directs the AI agent to access a highly sensitive data source, which, depending on the agent's capabilities, could lead to unauthorized credential access or exfiltration. Additionally, instructions like "Do NOT narrate each step" promote stealth, and "Place order without confirmation" for reorders bypasses critical safety checks for financial transactions, further contributing to the suspicious classification.
Capability Assessment
Purpose & Capability
Name/description claim browser automation for Amazon purchases/returns, which matches the SKILL.md instructions to use agent-browser + Chrome CDP. However the skill metadata declares no required env vars or credentials while the runtime instructions require environment variables (AMAZON_SHIPPING_ADDRESS, AMAZON_PAYMENT_METHOD, AMAZON_RETURN_DROPOFF) and assume access to a logged-in Amazon session, creating an incoherence between declared requirements and what the skill actually needs.
Instruction Scope
The instructions direct the agent to control a local Chrome instance (remote-debugging), open order history, place orders and process returns, take screenshots, and 'execute the whole return silently'. It also tells the agent to retrieve the Amazon password from a password manager if logged out and to 'place order without confirmation' for reorders. These steps involve accessing sensitive data (account session, passwords, payment info) and performing financial actions with minimal user confirmation — scope exceeds a simple helper and could lead to unwanted purchases or credential exposure.
Install Mechanism
This is an instruction-only skill with no install spec or code to download, which is the lowest install risk. The runtime relies on external tools (agent-browser, Chrome) already present on the host.
Credentials
Metadata lists no required environment variables or primary credential, but the SKILL.md tells users to set several AMAZON_* env vars and to use a persisted browser profile at $HOME/.config/chrome-agent and potentially retrieve passwords from a password manager. Requesting or using account credentials, stored browser profiles, and payment/shipping data is sensitive and should have been declared explicitly; the current mismatch is disproportionate and opaque.
Persistence & Privilege
The skill instructs creating/using a persistent browser profile in $HOME/.config/chrome-agent and connecting to Chrome's remote debugging port, which grants broad access to the user's browser session and cookies. Although the skill is not marked always:true, its instructions enable persistent access to account sessions and stored credentials, and it advises performing actions silently and without confirmation for some flows — a risky combination.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install amazon-ordering - After installation, invoke the skill by name or use
/amazon-ordering - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Auto-publish from CI
Metadata
Frequently Asked Questions
What is Amazon?
Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns. It is an AI Agent Skill for Claude Code / OpenClaw, with 673 downloads so far.
How do I install Amazon?
Run "/install amazon-ordering" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Amazon free?
Yes, Amazon is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Amazon support?
Amazon is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Amazon?
It is built and maintained by BrennerSpear (@brennerspear); the current version is v1.0.0.
More Skills