Find profitable Amazon niches and category opportunities with structured category tree data, niche filters, BSR analysis, category path lookup, and marketpla...
Security Analysis
high confidenceThe skill's code, instructions, and requested credentials are consistent with an Amazon niche/category data client and do not request unrelated privileges.
Name/description (Amazon niche/category research) match the implemented client. Requiring python3 and an API key (or email+password) is appropriate for a service-backed API client. The network target (scrapeapi.pangolinfo.com) aligns with the Pangolinfo homepage. Minor metadata mismatch: the registry summary lists no primary credential but SKILL.md metadata sets primaryEnv: PANGOLINFO_API_KEY (harmless but inconsistent).
Runtime instructions tell the agent to run the included Python script and pass API parameters; the script only uses the declared credentials (PANGOLINFO_API_KEY or PANGOLINFO_EMAIL/PANGOLINFO_PASSWORD) and optional cache flags. The SKILL.md explicitly warns not to use this skill for scraping and documents the APIs and credit costs. No instructions ask the agent to read unrelated system files or contact unexpected endpoints.
No install spec — instruction-only with bundled Python scripts. No external downloads, package installs, or extract-from-URL steps. This is low-risk from an installation perspective; the script uses stdlib urllib for network calls.
Requested credentials (API key or email+password) are proportional to the purpose. Two minor inconsistencies: (1) registry-level 'Required env vars' lists PANGOLINFO_API_KEY, PANGOLINFO_EMAIL, and PANGOLINFO_PASSWORD (which implies all three are required), whereas SKILL.md and the script accept either API key OR email+password — the intent is clearly an API key preferred with email/password as fallback; (2) SKILL.md documents optional PANGOLINFO_CACHE but that env var is not listed in the registry requires.env. These are metadata/declared-variable inconsistencies rather than functional issues.
Skill is not always-enabled and does not request elevated system privileges. The client defaults to in-memory credentials; disk persistence is documented as opt-in (via a cache flag or env) and writes to ~/.pangolinfo_api_key with mode 600 if enabled. No evidence the skill modifies other skills or system-wide configuration.
Guidance
This skill appears to do what it says: a thin Python client that calls Pangolinfo's Amazon niche/category APIs. Before installing: (1) confirm you trust pangolinfo.com and are willing to provide an API key (preferred) or an account email+password — avoid giving your password unless necessary; prefer API key. (2) Note the optional cache feature can persist your API key to ~/.pangolinfo_api_key if you opt in; by default the script keeps credentials in memory. (3) The self-test and some endpoints consume API credits — check the documentation and your account balance. (4) Be aware of small metadata mismatches (registry requires.env vs SKILL.md primaryEnv and optional cache env var); these are not functional red flags but you may want the publisher to correct the metadata for clarity.
Latest Release
v2.0.3
pangolinfo-amazon-niche 2.0.2 is a minor update refining the description and metadata for improved clarity and discoverability. - Enhanced the skill description to clearly outline use cases and ideal scenarios for Amazon niche and category analysis. - Updated tags for better searchability and relevance to niche and category research. - Added "primaryEnv" and "bins" to metadata for improved environment and runtime detection. - No changes to functionality or script execution; this is a documentation and metadata improvement release.
More by @pangolinfo
Published by @pangolinfo on ClawHub
