← Back to Skills Marketplace

Amazon Orders

Name: Amazon Orders
Author: pfernandez98

by pfernandez98 · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1238

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install amazon-orders

Description

Download and query your Amazon order history via an unofficial Python API and CLI.

README (SKILL.md)

amazon-orders Skill

Interact with your Amazon.com order history using the unofficial amazon-orders Python package and CLI.

Note: amazon-orders works by scraping/parsing Amazon's consumer website, so it can break if Amazon changes their pages. Only the English Amazon .com site is officially supported.

Setup

Install / upgrade

python3 -m pip install --upgrade amazon-orders

(Install details and version pinning guidance are in the project README.)

Authentication options

amazon-orders can get credentials from (highest precedence first): environment variables, parameters passed to AmazonSession, or a local config.

Environment variables:

export AMAZON_USERNAME="[email protected]"
export AMAZON_PASSWORD="your-password"
# Optional: for accounts with OTP/TOTP enabled
export AMAZON_OTP_SECRET_KEY="BASE32_TOTP_SECRET"

(OTP secret key usage is documented by the project.)

Usage

You can use amazon-orders either as a Python library or from the command line.

Python: basic usage

from amazonorders.session import AmazonSession
from amazonorders.orders import AmazonOrders

amazon_session = AmazonSession("\x3CAMAZON_EMAIL>", "\x3CAMAZON_PASSWORD>")
amazon_session.login()

amazon_orders = AmazonOrders(amazon_session)

# Orders from a specific year
orders = amazon_orders.get_order_history(year=2023)

# Or use a time filter for recent orders
orders = amazon_orders.get_order_history(time_filter="last30")     # Last 30 days
orders = amazon_orders.get_order_history(time_filter="months-3")   # Past 3 months

for order in orders:
    print(f"{order.order_number} - {order.grand_total}")

Full details (slower, more fields)

Some order fields only populate when you request full details; enable it when you need richer order data:

Python: full_details=True
CLI: --full-details on history

CLI: common commands

# Authenticate (interactive / uses env vars if set)
amazon-orders login

# Order history
amazon-orders history --year 2023
amazon-orders history --last-30-days
amazon-orders history --last-3-months

Tips

If your account has MFA enabled, prefer setting AMAZON_OTP_SECRET_KEY for automated runs.
When automating, keep credentials out of shell history: use environment variables and a secret manager (1Password, Vault, GitHub Actions secrets, etc.).

Examples

Export yearly history to JSON

amazon-orders history --year 2023 --full-details > orders_2023.json

Quick totals check (requires jq)

amazon-orders history --last-30-days --full-details   | jq -r '.[] | [.order_number, .grand_total] | @tsv'

Notes

This is an unofficial scraper-based tool (no official Amazon API).
Official docs are hosted on Read the Docs for advanced usage and APIs (Orders, Transactions, etc.).

Usage Guidance

This skill appears to be what it claims (a wrapper around the unofficial amazon-orders Python package), but you should be cautious about supplying credentials. Key points to consider before installing or enabling it: - The registry metadata marks AMAZON_OTP_SECRET_KEY as required, but the SKILL.md says the OTP/TOTP secret is optional for accounts with MFA — ask the publisher or registry maintainer to clarify whether the OTP secret is mandatory. - Never store your Amazon password or OTP secret in plaintext where you don't control access. Prefer interactive login or a secure secrets manager (Vault, 1Password, GitHub Actions secrets) and avoid placing long-lived OTP secrets in environment variables unless you understand the risk. - Installing via `pip` will fetch the package from PyPI and run its code on your system. Review the package source (the linked GitHub repo) and pin a version to avoid unexpected upgrades or supply-chain issues. - If you enable autonomous agent invocation, be aware the agent could log in and fetch orders without further prompts — that increases the impact if credentials are compromised. - If you do not trust the package author or cannot verify the repository, do not provide credentials; consider running the tool in an isolated environment (ephemeral VM or container) and limit network/credential exposure. If you want a safer setup: confirm whether OTP is actually required, use short-lived or restricted credentials where possible, review the upstream project code, and prefer interactive login flows or delegated authentication over storing TOTP secrets in env vars.

Capability Analysis

Type: OpenClaw Skill Name: amazon-orders Version: 1.0.0 The skill bundle is benign. Its instructions and metadata are clearly aligned with its stated purpose of downloading and querying Amazon order history using the `amazon-orders` Python package. It requires sensitive Amazon credentials (username, password, OTP secret key) via environment variables, which is necessary for its functionality, and it provides good security advice on handling these credentials. There is no evidence of prompt injection against the agent, unauthorized data exfiltration, persistence mechanisms, or other malicious intent within the provided files.

Capability Assessment

ℹ Purpose & Capability

Name/description match what the SKILL.md actually instructs (install and run the unofficial amazon-orders Python package). Requested binaries (python3, pip3) and environment variables for Amazon credentials are consistent with an automated scraper that logs into an account. However, the registry metadata lists AMAZON_OTP_SECRET_KEY as a required env var while the SKILL.md explicitly says that OTP/TOTP is optional for accounts that have MFA — this mismatch is disproportionate and should be clarified.

✓ Instruction Scope

SKILL.md stays on-purpose: it tells the agent to pip install the package, to supply credentials via env vars or parameters, and to run the library or CLI to fetch order history. It does not instruct the agent to read unrelated files, harvest additional system secrets, or send data to endpoints outside the documented project. The doc does recommend storing credentials in env vars and using an OTP secret for automation, which is within scope for automated login but has security implications.

ℹ Install Mechanism

There is no formal install spec in the registry; the SKILL.md tells users to run `python3 -m pip install --upgrade amazon-orders`. Installing from PyPI is a common pattern but carries normal supply-chain risk (pip package code will be downloaded and executed). The homepage points to a GitHub repo, which is expected; no remote download from unknown hosts is required by the SKILL.md itself.

⚠ Credentials

The skill requires AMAZON_USERNAME and AMAZON_PASSWORD (expected) and the registry also lists AMAZON_OTP_SECRET_KEY as required. The SKILL.md describes the OTP secret as optional for accounts with MFA. Declaring the OTP secret mandatory is disproportionate and sensitive: an OTP/TOTP secret in environment variables allows unattended login and effectively bypasses MFA protections. The number and sensitivity of required env vars are otherwise appropriate for a login-based scraper, but the mandatory OTP secret is a red flag unless you explicitly need unattended runs.

ℹ Persistence & Privilege

always:false (no forced global inclusion) and model-invocation is enabled (default). That means the agent could invoke the skill autonomously if permitted. Combining autonomous invocation with stored Amazon credentials (especially an OTP secret) increases risk because the agent could sign in and act on the account without interactive confirmation. This is not by itself a fatal issue, but be aware of the blast radius before enabling autonomous runs.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install amazon-orders
After installation, invoke the skill by name or use /amazon-orders
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of the amazon-orders skill. - Enables downloading and querying Amazon order history via an unofficial Python API and CLI. - Supports authentication using environment variables, interactive login, or config files. - Provides filtering for orders by year or time period (e.g., last 30 days, past 3 months). - Includes both Python library and CLI usage examples. - Adds guidance for handling MFA and exporting order data.

Metadata

Slug amazon-orders

Version 1.0.0

License —

All-time Installs 2

Active Installs 2

Total Versions 1

Frequently Asked Questions

What is Amazon Orders?

Download and query your Amazon order history via an unofficial Python API and CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 1238 downloads so far.

How do I install Amazon Orders?

Run "/install amazon-orders" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Amazon Orders free?

Yes, Amazon Orders is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Amazon Orders support?

Amazon Orders is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Amazon Orders?

It is built and maintained by pfernandez98 (@pfernandez98); the current version is v1.0.0.

More Skills