← Back to Skills Marketplace
zero2ai-hub

Listing Image Optimizer

by Zero2Ai · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
414
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install skill-listing-optimizer
Description
Audit Amazon product listing images for non-square dimensions, auto-pad them to 2000×2000 white background, and push corrected images to live listings via SP...
Usage Guidance
This skill appears to implement the advertised pipeline but has a few red flags you should consider before installing and running it: - Sensitive credentials: you must create an SP-API credentials file (refresh token, LWA client id/secret, sellerId). Treat this file like a secret — only place it on machines you control and do not expose it. The skill reads the file from AMAZON_SPAPI_PATH or ./amazon-sp-api.json; metadata did not declare this, so double-check before running. - Public HTTP server: push_images.js serves image files on 0.0.0.0 and advertises a public URL for Amazon to crawl. This will expose any files in the directory at that port while the server is running — consider using a trusted public hosting option (S3 with pre-signed URLs or a secure proxy) instead of opening a host/port on a VPS. - Missing file: SKILL.md documents a fix_title.js command but that file is not included. Expect incomplete/rough edges; review the scripts locally before use. - Verify dependencies: npm package amazon-sp-api and pip Pillow will be installed locally. Inspect package versions and consider running in an isolated environment (container or VM). - Best practices: run first on a test account, rotate/revoke SP-API tokens if you suspect exposure, and audit logs and network access. If you are uncomfortable exposing a public port, adapt the code to upload fixed images to S3 and use S3 URLs for SP-API updates instead of a local server.
Capability Analysis
Type: OpenClaw Skill Name: skill-listing-optimizer Version: 1.0.1 The skill bundle is classified as suspicious primarily due to the `scripts/push_images.js` file. This script initiates a temporary HTTP server on a public IP address (`0.0.0.0`) to serve image files, which Amazon's SP-API is instructed to crawl. While this functionality is described as necessary for the skill's stated purpose of updating Amazon listings, exposing a local directory via a publicly accessible HTTP server, even temporarily and for specific files, introduces a significant security risk. If the agent were to be prompted to use a sensitive directory for this server, it could lead to unauthorized data exposure. The `SKILL.md` also explicitly highlights the requirement for a publicly accessible IP/port for this operation.
Capability Assessment
Purpose & Capability
The name/description match the included scripts (audit.js, pad_to_square.py, push_images.js). Required binaries (node, python3) and dependencies (Pillow, amazon-sp-api) are appropriate for the stated purpose. Minor mismatch: metadata declares no required credentials/env but the scripts expect an SP-API credentials file (amazon-sp-api.json) containing refresh token/client id/secret and sellerId — this is expected for SP-API use but wasn't declared in the registry metadata.
Instruction Scope
SKILL.md instructs installing packages, creating an SP-API credentials file, and running the three scripts — which is consistent with the code. But SKILL.md references a fix_title.js command that is not present in the file manifest (missing file). push_images.js intentionally spins up an HTTP server bound to 0.0.0.0 and serves files publicly for ~15 minutes; that behavior is within the claimed purpose (Amazon needs to crawl images) but is a data-exposure/vector risk and should be explicit to users. The scripts read the credentials file from a path set via AMAZON_SPAPI_PATH (or default ./amazon-sp-api.json) — the README/metadata did not declare this env var.
Install Mechanism
There is no automated install spec; the skill is instruction-plus-scripts. Dependencies are typical (pip Pillow, npm amazon-sp-api). No downloads from untrusted URLs or archive extraction are present in the package itself.
Credentials
The runtime requires SP-API credentials containing a refresh token, LWA client id/secret and seller/marketplace identifiers — these are sensitive and necessary for the declared purpose. However, the registry metadata lists no primary credential or required env vars, creating an omission that could mislead users about what secrets they must provide. The code also references optional env PRODUCT_TYPE and AMAZON_SPAPI_PATH; these env uses are not declared in metadata.
Persistence & Privilege
The skill does not request persistent/always-on privileges. It can run autonomously (default platform behavior) but does not modify other skills or system configs. Operationally, it opens a temporary public HTTP server (0.0.0.0) that serves image files for ~15 minutes — not persistent, but network-exposed and potentially accessible to anyone who can reach the host/port.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-listing-optimizer
  3. After installation, invoke the skill by name or use /skill-listing-optimizer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Audit, pad, and push square product listing images via SP-API
Metadata
Slug skill-listing-optimizer
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Listing Image Optimizer?

Audit Amazon product listing images for non-square dimensions, auto-pad them to 2000×2000 white background, and push corrected images to live listings via SP... It is an AI Agent Skill for Claude Code / OpenClaw, with 414 downloads so far.

How do I install Listing Image Optimizer?

Run "/install skill-listing-optimizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Listing Image Optimizer free?

Yes, Listing Image Optimizer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Listing Image Optimizer support?

Listing Image Optimizer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Listing Image Optimizer?

It is built and maintained by Zero2Ai (@zero2ai-hub); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments