← 返回 Skills 市场
pfernandez98

Amazon Orders

作者 pfernandez98 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1238
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install amazon-orders
功能描述
Download and query your Amazon order history via an unofficial Python API and CLI.
使用说明 (SKILL.md)

amazon-orders Skill

Interact with your Amazon.com order history using the unofficial amazon-orders Python package and CLI.

Note: amazon-orders works by scraping/parsing Amazon's consumer website, so it can break if Amazon changes their pages. Only the English Amazon .com site is officially supported.

Setup

Install / upgrade

python3 -m pip install --upgrade amazon-orders

(Install details and version pinning guidance are in the project README.)

Authentication options

amazon-orders can get credentials from (highest precedence first): environment variables, parameters passed to AmazonSession, or a local config.

Environment variables:

export AMAZON_USERNAME="[email protected]"
export AMAZON_PASSWORD="your-password"
# Optional: for accounts with OTP/TOTP enabled
export AMAZON_OTP_SECRET_KEY="BASE32_TOTP_SECRET"

(OTP secret key usage is documented by the project.)

Usage

You can use amazon-orders either as a Python library or from the command line.

Python: basic usage

from amazonorders.session import AmazonSession
from amazonorders.orders import AmazonOrders

amazon_session = AmazonSession("\x3CAMAZON_EMAIL>", "\x3CAMAZON_PASSWORD>")
amazon_session.login()

amazon_orders = AmazonOrders(amazon_session)

# Orders from a specific year
orders = amazon_orders.get_order_history(year=2023)

# Or use a time filter for recent orders
orders = amazon_orders.get_order_history(time_filter="last30")     # Last 30 days
orders = amazon_orders.get_order_history(time_filter="months-3")   # Past 3 months

for order in orders:
    print(f"{order.order_number} - {order.grand_total}")

Full details (slower, more fields)

Some order fields only populate when you request full details; enable it when you need richer order data:

  • Python: full_details=True
  • CLI: --full-details on history

CLI: common commands

# Authenticate (interactive / uses env vars if set)
amazon-orders login

# Order history
amazon-orders history --year 2023
amazon-orders history --last-30-days
amazon-orders history --last-3-months

Tips

  • If your account has MFA enabled, prefer setting AMAZON_OTP_SECRET_KEY for automated runs.
  • When automating, keep credentials out of shell history: use environment variables and a secret manager (1Password, Vault, GitHub Actions secrets, etc.).

Examples

Export yearly history to JSON

amazon-orders history --year 2023 --full-details > orders_2023.json

Quick totals check (requires jq)

amazon-orders history --last-30-days --full-details   | jq -r '.[] | [.order_number, .grand_total] | @tsv'

Notes

  • This is an unofficial scraper-based tool (no official Amazon API).
  • Official docs are hosted on Read the Docs for advanced usage and APIs (Orders, Transactions, etc.).
安全使用建议
This skill appears to be what it claims (a wrapper around the unofficial amazon-orders Python package), but you should be cautious about supplying credentials. Key points to consider before installing or enabling it: - The registry metadata marks AMAZON_OTP_SECRET_KEY as required, but the SKILL.md says the OTP/TOTP secret is optional for accounts with MFA — ask the publisher or registry maintainer to clarify whether the OTP secret is mandatory. - Never store your Amazon password or OTP secret in plaintext where you don't control access. Prefer interactive login or a secure secrets manager (Vault, 1Password, GitHub Actions secrets) and avoid placing long-lived OTP secrets in environment variables unless you understand the risk. - Installing via `pip` will fetch the package from PyPI and run its code on your system. Review the package source (the linked GitHub repo) and pin a version to avoid unexpected upgrades or supply-chain issues. - If you enable autonomous agent invocation, be aware the agent could log in and fetch orders without further prompts — that increases the impact if credentials are compromised. - If you do not trust the package author or cannot verify the repository, do not provide credentials; consider running the tool in an isolated environment (ephemeral VM or container) and limit network/credential exposure. If you want a safer setup: confirm whether OTP is actually required, use short-lived or restricted credentials where possible, review the upstream project code, and prefer interactive login flows or delegated authentication over storing TOTP secrets in env vars.
功能分析
Type: OpenClaw Skill Name: amazon-orders Version: 1.0.0 The skill bundle is benign. Its instructions and metadata are clearly aligned with its stated purpose of downloading and querying Amazon order history using the `amazon-orders` Python package. It requires sensitive Amazon credentials (username, password, OTP secret key) via environment variables, which is necessary for its functionality, and it provides good security advice on handling these credentials. There is no evidence of prompt injection against the agent, unauthorized data exfiltration, persistence mechanisms, or other malicious intent within the provided files.
能力评估
Purpose & Capability
Name/description match what the SKILL.md actually instructs (install and run the unofficial amazon-orders Python package). Requested binaries (python3, pip3) and environment variables for Amazon credentials are consistent with an automated scraper that logs into an account. However, the registry metadata lists AMAZON_OTP_SECRET_KEY as a required env var while the SKILL.md explicitly says that OTP/TOTP is optional for accounts that have MFA — this mismatch is disproportionate and should be clarified.
Instruction Scope
SKILL.md stays on-purpose: it tells the agent to pip install the package, to supply credentials via env vars or parameters, and to run the library or CLI to fetch order history. It does not instruct the agent to read unrelated files, harvest additional system secrets, or send data to endpoints outside the documented project. The doc does recommend storing credentials in env vars and using an OTP secret for automation, which is within scope for automated login but has security implications.
Install Mechanism
There is no formal install spec in the registry; the SKILL.md tells users to run `python3 -m pip install --upgrade amazon-orders`. Installing from PyPI is a common pattern but carries normal supply-chain risk (pip package code will be downloaded and executed). The homepage points to a GitHub repo, which is expected; no remote download from unknown hosts is required by the SKILL.md itself.
Credentials
The skill requires AMAZON_USERNAME and AMAZON_PASSWORD (expected) and the registry also lists AMAZON_OTP_SECRET_KEY as required. The SKILL.md describes the OTP secret as optional for accounts with MFA. Declaring the OTP secret mandatory is disproportionate and sensitive: an OTP/TOTP secret in environment variables allows unattended login and effectively bypasses MFA protections. The number and sensitivity of required env vars are otherwise appropriate for a login-based scraper, but the mandatory OTP secret is a red flag unless you explicitly need unattended runs.
Persistence & Privilege
always:false (no forced global inclusion) and model-invocation is enabled (default). That means the agent could invoke the skill autonomously if permitted. Combining autonomous invocation with stored Amazon credentials (especially an OTP secret) increases risk because the agent could sign in and act on the account without interactive confirmation. This is not by itself a fatal issue, but be aware of the blast radius before enabling autonomous runs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install amazon-orders
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /amazon-orders 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the amazon-orders skill. - Enables downloading and querying Amazon order history via an unofficial Python API and CLI. - Supports authentication using environment variables, interactive login, or config files. - Provides filtering for orders by year or time period (e.g., last 30 days, past 3 months). - Includes both Python library and CLI usage examples. - Adds guidance for handling MFA and exporting order data.
元数据
Slug amazon-orders
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Amazon Orders 是什么?

Download and query your Amazon order history via an unofficial Python API and CLI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1238 次。

如何安装 Amazon Orders?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install amazon-orders」即可一键安装,无需额外配置。

Amazon Orders 是免费的吗?

是的,Amazon Orders 完全免费(开源免费),可自由下载、安装和使用。

Amazon Orders 支持哪些平台?

Amazon Orders 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Amazon Orders?

由 pfernandez98(@pfernandez98)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论