← Back to Skills Marketplace
zero2ai-hub

Skill Amazon Listing Optimizer

by Zero2Ai · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
522
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install skill-amazon-listing-optimizer
Description
Audit Amazon product listing images for non-square dimensions, auto-pad them to 2000×2000 white background, and push corrected images to live listings via SP...
Usage Guidance
This package appears to do what it claims, but stop and address the following before running on a production machine or with real seller credentials: - The image pusher starts a public HTTP server and directly maps request paths to files without sanitizing ../ sequences. If you run this server on a publicly reachable IP, an attacker (or crawler) could download arbitrary files readable by the process. Run the server only in a hardened environment, serve from an isolated directory, or replace the simple server with a secure static-file server that prevents path traversal. - Verify the SP‑API credential file (AMAZON_SPAPI_PATH) exists and that the credentials have only the minimal scopes needed (listings write). Keep those credentials private and rotate them if needed. - The README/SKILL.md mention a fix_title.js script that is not included — treat the docs as slightly unreliable and inspect the included scripts carefully before use. - The code makes an external call to api.ipify.org to detect the public IP; if you prefer not to call third‑party services, supply the public IP/hostname manually or use a secure proxy/S3 approach. - If you plan to run this on a server, host the images on a controlled CDN/S3 with restricted access where possible and confirm Amazon's required URL handling rather than exposing your entire host. If these issues are fixed (sanitize server paths or use a safe file server; remove missing/inaccurate docs), the skill would be coherent and appropriate for its purpose.
Capability Analysis
Type: OpenClaw Skill Name: skill-amazon-listing-optimizer Version: 1.0.0 The skill's stated purpose is benign, but the `scripts/push_images.js` file contains a critical path traversal vulnerability. Its temporary HTTP server, exposed on a public IP, uses `path.join(dir, req.url.replace(/^//, ''))` to serve files. This allows an attacker to use `../` sequences in the URL to read arbitrary files from the host system (e.g., `http://<ip>:<port>/../etc/passwd`), which is a significant data exfiltration risk. This is a severe vulnerability, classifying the skill as suspicious rather than benign, but without clear evidence of intentional malicious exploitation by the skill author.
Capability Assessment
Purpose & Capability
Name/description match the code: scripts audit listings, pad images, and upload via SP‑API. Required binaries (node, python3) are reasonable for the included scripts and image tooling. Asking for SP‑API credentials (in a credentials file) is proportionate to the stated purpose.
Instruction Scope
The runtime instructions and scripts instruct the agent to start a public HTTP server and have Amazon crawl URLs — this is expected for the upload method used, but the server implementation does not sanitize request paths (path traversal risk) and will serve arbitrary filesystem files if exposed. The SKILL.md also references a fix_title.js script that is not present in the package, showing sloppy/incomplete documentation. The instructions additionally rely on an optional AMAZON_SPAPI_PATH env var (documented) even though the skill metadata lists no required env vars — a minor inconsistency.
Install Mechanism
There is no install spec (instruction-only install), and the dependencies are standard (Pillow via pip, amazon-sp-api via npm). No downloads from arbitrary URLs or archive extraction are present in the package. All code is included in the repo.
Credentials
The skill requires SP‑API credentials (lwa client id/secret, refresh token, sellerId, marketplace) stored in a local JSON file — this is expected for making listings changes. The package does not request unrelated credentials. One minor mismatch: SKILL.md mentions AMAZON_SPAPI_PATH env var (optional) but the registry metadata lists no required env vars; the credential file approach may be fine but users should ensure credentials provided have minimal necessary scopes (listingsItems write).
Persistence & Privilege
The skill is not set to always:true and does not request persistent system-wide privileges. It runs transient local servers and SP‑API calls as invoked, which matches the described purpose. Autonomous invocation is allowed (platform default) but not an additional red flag by itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-amazon-listing-optimizer
  3. After installation, invoke the skill by name or use /skill-amazon-listing-optimizer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Version 1.0.0 — Initial Release - Automatically audits Amazon product listing images for non-square dimensions. - Auto-pads images to 2000×2000 pixels with a white background to meet Amazon requirements. - Uploads corrected images directly to live listings via SP-API (no manual Seller Central steps needed). - Works with any marketplace and seller account. - Includes scripts for audit, local image fixing, image upload, and optional title patching.
v1.0.1
Renamed to include amazon keyword for discoverability
Metadata
Slug skill-amazon-listing-optimizer
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Skill Amazon Listing Optimizer?

Audit Amazon product listing images for non-square dimensions, auto-pad them to 2000×2000 white background, and push corrected images to live listings via SP... It is an AI Agent Skill for Claude Code / OpenClaw, with 522 downloads so far.

How do I install Skill Amazon Listing Optimizer?

Run "/install skill-amazon-listing-optimizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Amazon Listing Optimizer free?

Yes, Skill Amazon Listing Optimizer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Amazon Listing Optimizer support?

Skill Amazon Listing Optimizer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Amazon Listing Optimizer?

It is built and maintained by Zero2Ai (@zero2ai-hub); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments