amazon-product-api-skill

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill implements Amazon product data extraction via a third-party gateway (BrowserAct) and a Python script that requires an API key. The primary risk stems from centralizing credentialed scraping through a single remote provider (BrowserAct) and executing a third-party script whose contents were not provided for review. Operational claims that the service avoids CAPTCHA and IP restrictions raise additional ethical and potential legal concerns. No direct evidence in the provided documentation indicates malware, obfuscation, or credential theft, but absent the actual script code, residual supply-chain risk remains. Recommended actions: (1) inspect and audit the ./scripts/amazon_product_api.py source before executing; (2) avoid pasting API keys into shared terminals or logs; (3) limit automated periodic exports and review destinations; (4) validate BrowserAct’s trustworthiness and data-handling policies; (5) treat the integration as medium risk and do not run it in high-sensitivity environments until audited.

Confidence: 98%
Severity: 75%

Audit Metadata

Analyzed At: Feb 28, 2026, 08:02 AM
Package URL: pkg:socket/skills-sh/browser-act%2Fskills%2Famazon-product-api-skill%2F@886938bb8c14aecad9171c7db106eb4986dbeba1