← 返回 Skills 市场
Amazon
作者
BrennerSpear
· GitHub ↗
· v1.0.0
673
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install amazon-ordering
功能描述
Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns.
使用说明 (SKILL.md)
Amazon Ordering
Prerequisites
agent-browserCLI installed- Chrome running with
--remote-debugging-port=9222(see Starting the browser) - Logged into Amazon — if logged out, retrieve password from your password manager
- If running headless (Linux/VNC), forward the VNC port to verify visually:
ssh -L 6080:localhost:6080 \x3Chost>→ http://localhost:6080/vnc.html
Setup
Set these environment variables or configure your defaults:
# Your default shipping address (verify on checkout)
export AMAZON_SHIPPING_ADDRESS="Your shipping address"
# Your preferred payment method description (verify on checkout)
export AMAZON_PAYMENT_METHOD="Your preferred card"
# Your preferred return drop-off location
export AMAZON_RETURN_DROPOFF="Whole Foods"
Always verify shipping address and payment method are correct before placing an order.
Returns
Default Answers (use unless user specifies otherwise)
- Return reason: "Changed Mind" → "My needs changed"
- Packaging opened: Yes
- Item in original packaging: Yes
- Have you used the item: Yes
- Signs of use: None
- Battery leaks/overheating: No
- All accessories included: Yes
- Refund type: Refund to original payment method (not replacement, not gift card)
- Drop-off location: Use
AMAZON_RETURN_DROPOFFor Whole Foods
Return Flow
- Orders → Find item → "Return or replace items"
- Select "Changed Mind" → "My needs changed" → Continue
- Answer condition questions with defaults above
- Continue past "Get Product Support" suggestions
- Select "Refund to original payment method"
- Select drop-off location
- Confirm return
- Done — QR code will be emailed
Communication Style
- Do NOT narrate each step — just execute the whole return silently
- Only message the user once it's confirmed with a brief summary:
- Item name
- Refund amount
- Drop-off location & deadline
- If something goes wrong or needs clarification, then ask
Ordering Rules
Reorders (items ordered before)
- Go directly to order history, search for item
- Click "Buy it again"
- Verify address and payment method
- Place order without confirmation — no screenshot needed
New Items (never ordered before)
- Search or navigate to product
- Send screenshot of product page (scroll so price + product image visible, skip nav bars)
- Wait for user confirmation before adding to cart
- Verify address and payment method
- Place order after confirmation
Workflow
Connect to browser
agent-browser connect 9222
Always open a new tab — other sessions share the same Chrome. Use --new-tab on every open command.
Search order history
agent-browser open "https://www.amazon.com/gp/your-account/order-history"
agent-browser snapshot -i
# Find search box, fill with item name, click search
Reorder flow
# From order history search results
agent-browser click @[buy-it-again-ref]
# Wait for checkout page
agent-browser snapshot
# Verify correct address and payment method are selected
agent-browser click @[place-order-ref]
Screenshot tips
- Scroll past nav bars before screenshotting
- Ensure price and product image are both visible
- Save screenshots to a temporary directory
- Send via message tool with caption
Starting the browser (if not running)
macOS (opens a visible Chrome window):
open -na "Google Chrome" --args --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com
Linux (headless with Xvfb/VNC):
DISPLAY=:99 google-chrome --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com &
Linux (desktop/GUI session):
google-chrome --user-data-dir=$HOME/.config/chrome-agent --no-first-run --remote-debugging-port=9222 https://www.amazon.com &
Notes
- Browser profile persists login at
$HOME/.config/chrome-agent - On headless Linux, VNC display is typically
:99on port 5999 (noVNC on 6080) - Order confirmations go to the email on your Amazon account
- CAPTCHAs or 2FA may require manual intervention — if the browser window is visible (macOS or Linux desktop), ask the user to solve it in the Chrome window
安全使用建议
This skill automates real purchases and returns and asks you to use a persistent Chrome profile and (implicitly) account credentials, but its metadata does not declare those requirements. Before installing or running it: 1) Do not give it access to your primary account with saved payment methods; test with a disposable Amazon account and payment method. 2) Require explicit confirmations for any purchase — the skill's 'place order without confirmation' instruction is dangerous. 3) Prefer running the automation in an isolated VM/container or a dedicated browser profile (not your main Chrome profile) to avoid exposing other cookies and sessions. 4) Ask the publisher (or examine code) to declare required env vars/credentials and to remove instructions that retrieve passwords from a password manager or act silently. 5) If you must proceed, audit agent-browser usage and monitor email/payment notifications closely. If you cannot verify these changes, avoid installing or enable strict manual confirmation before any financial action.
功能分析
Type: OpenClaw Skill
Name: amazon-ordering
Version: 1.0.0
The skill is classified as suspicious primarily due to a significant prompt injection vulnerability in `SKILL.md`. The instruction "retrieve password from your password manager" explicitly directs the AI agent to access a highly sensitive data source, which, depending on the agent's capabilities, could lead to unauthorized credential access or exfiltration. Additionally, instructions like "Do NOT narrate each step" promote stealth, and "Place order without confirmation" for reorders bypasses critical safety checks for financial transactions, further contributing to the suspicious classification.
能力评估
Purpose & Capability
Name/description claim browser automation for Amazon purchases/returns, which matches the SKILL.md instructions to use agent-browser + Chrome CDP. However the skill metadata declares no required env vars or credentials while the runtime instructions require environment variables (AMAZON_SHIPPING_ADDRESS, AMAZON_PAYMENT_METHOD, AMAZON_RETURN_DROPOFF) and assume access to a logged-in Amazon session, creating an incoherence between declared requirements and what the skill actually needs.
Instruction Scope
The instructions direct the agent to control a local Chrome instance (remote-debugging), open order history, place orders and process returns, take screenshots, and 'execute the whole return silently'. It also tells the agent to retrieve the Amazon password from a password manager if logged out and to 'place order without confirmation' for reorders. These steps involve accessing sensitive data (account session, passwords, payment info) and performing financial actions with minimal user confirmation — scope exceeds a simple helper and could lead to unwanted purchases or credential exposure.
Install Mechanism
This is an instruction-only skill with no install spec or code to download, which is the lowest install risk. The runtime relies on external tools (agent-browser, Chrome) already present on the host.
Credentials
Metadata lists no required environment variables or primary credential, but the SKILL.md tells users to set several AMAZON_* env vars and to use a persisted browser profile at $HOME/.config/chrome-agent and potentially retrieve passwords from a password manager. Requesting or using account credentials, stored browser profiles, and payment/shipping data is sensitive and should have been declared explicitly; the current mismatch is disproportionate and opaque.
Persistence & Privilege
The skill instructs creating/using a persistent browser profile in $HOME/.config/chrome-agent and connecting to Chrome's remote debugging port, which grants broad access to the user's browser session and cookies. Although the skill is not marked always:true, its instructions enable persistent access to account sessions and stored credentials, and it advises performing actions silently and without confirmation for some flows — a risky combination.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install amazon-ordering - 安装完成后,直接呼叫该 Skill 的名称或使用
/amazon-ordering触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Auto-publish from CI
元数据
常见问题
Amazon 是什么?
Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 673 次。
如何安装 Amazon?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install amazon-ordering」即可一键安装,无需额外配置。
Amazon 是免费的吗?
是的,Amazon 完全免费(开源免费),可自由下载、安装和使用。
Amazon 支持哪些平台?
Amazon 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Amazon?
由 BrennerSpear(@brennerspear)开发并维护,当前版本 v1.0.0。
推荐 Skills