zero2ai-hub

Skill Amazon Spapi

by Zero2Ai · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
746 Downloads · 1 Star · 3 Active Installs · 2 Versions
Install in OpenClaw
/install skill-amazon-spapi
Description
Amazon SP-API skill for OpenClaw agents. Fetch orders, check FBA inventory, manage listings and pricing. Works with any marketplace and seller account.
Usage Guidance
This skill appears to do exactly what it claims: interact with Amazon SP-API using LWA credentials stored in a local JSON file. Before installing/running:
  1. Review the amazon-sp-api npm package source/version you will install (supply-chain risk).
  2. Keep the credential file secure (chmod 600 as recommended) and do not commit it to source control.
  3. Note the small metadata inconsistency: the skill uses AMAZON_SPAPI_PATH but the registry metadata does not list any required env vars; ensure you set that env var or place the file at ./amazon-sp-api.json.
  4. Only run these scripts from a trusted environment because they have network access to your seller data and can update listings/pricing.
Capability Analysis
Type: OpenClaw Skill
Name: skill-amazon-spapi
Version: 1.0.1
The skill bundle is designed to interact with Amazon SP-API, which is its stated purpose. It reads sensitive credentials from a local file (`amazon-sp-api.json`) and performs legitimate API calls. However, the scripts `scripts/inventory.js`, `scripts/listings.js`, and `scripts/orders.js` accept an `--out` argument for writing output files. This argument is not sanitized, making the skill vulnerable to path traversal (e.g., `node scripts/inventory.js --out ../../../tmp/output.json`). While this is a vulnerability that could be exploited by a compromised or poorly designed AI agent, there is no clear evidence of intentional malicious behavior by the skill itself, such as data exfiltration to unauthorized endpoints, persistence mechanisms, or harmful prompt injection attempts.
Capability Assessment
Purpose & Capability
Name/description (SP-API: orders, inventory, listings) match the included scripts and required node binary. The scripts use LWA credentials, sellerId, and marketplace IDs which are expected for this purpose.
Instruction Scope
SKILL.md describes installing the amazon-sp-api npm package, creating a local credentials JSON, and running the provided scripts. The scripts only call SP-API endpoints, read the local credential file (AMAZON_SPAPI_PATH), and optionally write JSON output files — all within the stated feature set.
Install Mechanism
There is no platform install spec; SKILL.md instructs the user to run `npm install amazon-sp-api`. Installing an npm package is standard here, but any npm package carries the usual supply-chain risk; users should prefer installing from a vetted source and review the package before running it.
Credentials
The registry metadata lists no required env vars, but the code and docs rely on AMAZON_SPAPI_PATH (default ./amazon-sp-api.json) and a local credential file containing LWA client id/secret and refresh token. Storing credentials in a local file is coherent but the declared metadata is inconsistent with the runtime instructions (missing env var declaration).
Persistence & Privilege
Skill is not marked always:true, does not request system-wide config changes, and only reads a local creds file and writes optional output files. It does not modify other skills or system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-amazon-spapi
  3. After installation, invoke the skill by name or use /skill-amazon-spapi
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Documentation updated in README.md for improved clarity and usability.
- No changes to functionality or code; informational update only.
v1.0.0
Initial release — orders, FBA inventory, listings & pricing for any Amazon seller account
Metadata
Slug skill-amazon-spapi
Version 1.0.1
License
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is Skill Amazon Spapi?

Amazon SP-API skill for OpenClaw agents. Fetch orders, check FBA inventory, manage listings and pricing. Works with any marketplace and seller account. It is an AI Agent Skill for Claude Code / OpenClaw, with 746 downloads so far.

How do I install Skill Amazon Spapi?

Run "/install skill-amazon-spapi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Amazon Spapi free?

Yes, Skill Amazon Spapi is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Amazon Spapi support?

Skill Amazon Spapi is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Amazon Spapi?

It is built and maintained by Zero2Ai (@zero2ai-hub); the current version is v1.0.1.
