Scrape, analyze, and summarize product reviews from multiple platforms (Amazon, Google, Yelp, TripAdvisor). Extract key insights, sentiment analysis, pros/cons, and recommendations. Use when researching products for arbitrage, creating affiliate content, or making purchasing decisions.
Security Analysis
high confidenceThe skill's description promises live, multi-platform scraping and analysis, but the shipped code uses only local mock data and contains mismatches with the stated capability — this incoherence warrants caution before use.
The README/description claims the skill scrapes Amazon, Google, Yelp, and TripAdvisor and integrates with their APIs, but the actual scraping implementation (scripts/scrape_reviews.py) returns hard-coded MOCK_REVIEWS and contains only comments about 'In production, integrate with:' APIs. There are no network calls or API integrations, no required credentials declared, and no real scraping logic. That is a substantive mismatch between the advertised purpose and the provided capability.
SKILL.md instructs the agent/user to run the provided scripts with product URLs as if they will fetch live reviews. The scripts accept URL and platform arguments, but scrape_reviews.py uses local mock data and will not retrieve external reviews. The instructions do not ask for credentials or API keys (even though real integrations would normally require them), which makes the runtime instructions misleading for someone expecting live scraping. The scripts only read/write files relevant to their task and do not reference unrelated system files or env vars.
There is no install spec (instruction-only metadata) and the repository contains plain Python scripts. No external installers, downloads, or archive extraction are specified. Risk from installation mechanism is low.
The skill declares no required environment variables, credentials, or config paths and none are needed by the included code. This is proportional to the actual (mock) implementation, but inconsistent with the written promise to integrate with third-party APIs — those would normally require credentials.
The skill does not request permanent presence (always: false) and contains no code that modifies other skills or system-wide agent settings. Scripts write output files as expected for a reporting tool; there is no evidence of elevated persistence or privilege requests.
Guidance
This skill is internally inconsistent: it advertises multi-platform web scraping and API integration but the shipped code only uses local MOCK_REVIEWS and no network/API calls. Before installing or relying on it: 1) If you expect live scraping, inspect and modify scrape_reviews.py — implement proper API clients or HTTP scraping and add secure handling for any API keys (do not hard-code secrets). 2) Verify Terms of Service and legal/privacy implications for scraping each platform. 3) Run the scripts in a sandbox first—they only write local files but you should confirm they won't make network requests you didn't expect. 4) If you see a later version that adds network calls, review those additions carefully (endpoints, credential handling, and any obfuscated or remote-download logic). 5) Be cautious granting credentials: the skill currently asks for none, but a real scraper would need API keys — ensure those are minimal-scope and stored securely.
Latest Release
v1.0.0
Initial release: Scrape and analyze product reviews from Amazon, Google, Yelp, TripAdvisor with sentiment analysis and automated insights
Popular Skills
Published by @Michael-laffin on ClawHub
