amazon-reviews-api-skill

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is functionally coherent: it asks for a BrowserAct API key and an ASIN, runs a local Python script which calls a third-party Amazon review extraction API, and prints structured review data. The main security concerns are supply-chain/trust and privacy: reviewer PII and request metadata are sent to a third-party scraping provider (BrowserAct), the skill lacks documentation of endpoints, retention, and privacy policies, and it advises bypassing CAPTCHAs and IP restrictions which may contravene Amazon's terms. There is no evidence in the provided text of credential-harvesting, obfuscated payloads, or direct malicious code. Recommended mitigations: verify BrowserAct's trustworthiness and data handling policies before providing API keys, avoid collecting unnecessary PII, and ensure legal/TOS compliance for scraping.

Confidence: 80%
Severity: 75%

Audit Metadata

Analyzed At: Feb 28, 2026, 08:01 AM
Package URL: pkg:socket/skills-sh/browser-act%2Fskills%2Famazon-reviews-api-skill%2F@17e377199e5eede6ffb7b48800721382f3f84398