Trusted — Risk Score 5/100
Last scan: 16 hr ago
amazon-after-sales-flow
Playwright-based Amazon after-sales automation: open orders, order details, contact flow, and draft/send seller messages with explicit dual-authorization send gate
This is a legitimate Playwright-based Amazon after-sales automation skillpack with proper sandboxing, URL allowlisting, send guards, and no malicious indicators.
Skill Name: amazon-after-sales-flow
Duration: 54.7s
Engine: pi
Safe to install
Approve for use. The skill is well-structured with proper security controls including Amazon-only URL allowlisting, dual-authorization send gates, and local-only artifact storage.

Findings (2 items)

Severity: Low
Finding: Unpinned Playwright dependency (Supply Chain)
Detail: package.json specifies playwright as ^1.58.2 using a caret range, allowing minor/patch updates. This is a minor supply-chain risk for a well-maintained, reputable package.
Evidence: "playwright": "^1.58.2"
→ Pin to exact version: "playwright": "1.58.2"
Location: package.json:7

Severity: Low
Finding: skill.yaml: skill.py uses shell:WRITE but only for node invocation (Doc Mismatch)
Detail: All 15 skill.py files are byte-identical (hash a22d97f54a24a2164247a7b8ac0786b84d3294fcbf71ecad019104f752b98dd6) and use subprocess.run(['node', ...]). This is a legitimate wrapper pattern, not arbitrary shell execution, but subprocess usage could be declared in SKILL.md for transparency.
Evidence: subprocess.run(["node", str(script), input_text or ""], ...)
→ Document the Node.js invocation pattern in SKILL.md safety section
Location: skills/*/skill.py:6
Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | Screenshots/artifacts saved to artifacts/ directory; declared in SKILL.md and sk…
Network | READ | READ | ✓ Aligned | Only navigates to amazon.com URLs via strict isTrustedAmazonUrl() allowlist; no …
Shell | NONE | NONE | | skill.py uses subprocess.run(['node', ...]) to invoke skill.js; skill.js uses Pl…
Browser | WRITE | WRITE | ✓ Aligned | Full Playwright browser automation (click, type, navigate, screenshot, extract) …
Environment | NONE | NONE | | No os.environ iteration or credential access observed
Skill Invoke | WRITE | WRITE | ✓ Aligned | Skill orchestration through runSkill() and runFullFlow() entry points
External URLs (6 findings)

Severity | Type | URL | Location
Medium | External URL | https://www.amazon.com/your-orders/order-details?orderID=114-1234567-1234567 | dist/skills/amazon_contact_flow.json:67
Medium | External URL | https://www.amazon.com/gp/help/contact/contact.html | dist/skills/amazon_contact_flow.json:73
Medium | External URL | https://www.amazon.com/gp/message?threadId=EXAMPLE | dist/skills/amazon_contact_flow.json:74
Medium | External URL | https://www.amazon.com/your-orders/orders?timeFilter=year-2025\u0026ref_=ppx_yo2ov_dt_b_filter_all_y2025 | dist/skills/amazon_orders_opener.json:41
Medium | External URL | https://www.amazon.com/gp/message?threadId=ABC123 | dist/skills/message_monitor.json:53
Medium | External URL | https://www.amazon.com | skills/_easybuy_browser_runtime.js:56

File Tree

70 files · 141.0 KB · 3698 lines
JavaScript 17f · 2222L | JSON 20f · 940L | Python 15f · 240L | Markdown 17f · 239L | YAML 1f · 57L
├─ 📁 dist
│   ├─ 📁 playbooks
│   │   ├─ 📋 refund.json JSON 26L · 629 B
│   │   ├─ 📋 replacement.json JSON 26L · 648 B
│   │   └─ 📋 return.json JSON 23L · 548 B
│   └─ 📁 skills
│       ├─ 📋 amazon_contact_flow.json JSON 82L · 5.0 KB
│       ├─ 📋 amazon_order_details_fetcher.json JSON 39L · 2.0 KB
│       ├─ 📋 amazon_orders_opener.json JSON 46L · 2.3 KB
│       ├─ 📋 amazon_orders_scraper.json JSON 55L · 2.8 KB
│       ├─ 📋 amazon_price_checker.json JSON 33L · 1.5 KB
│       ├─ 📋 amazon_product_detector.json JSON 57L · 2.9 KB
│       ├─ 📋 amazon_review_scraper.json JSON 34L · 1.6 KB
│       ├─ 📋 case_exporter.json JSON 36L · 1.9 KB
│       ├─ 📋 evidence_builder.json JSON 56L · 2.9 KB
│       ├─ 📋 form_filler.json JSON 68L · 4.0 KB
│       ├─ 📋 message_drafter.json JSON 76L · 4.5 KB
│       ├─ 📋 message_monitor.json JSON 67L · 3.8 KB
│       ├─ 📋 order_reader.json JSON 57L · 2.8 KB
│       ├─ 📋 price_alert_manager.json JSON 32L · 1.5 KB
│       └─ 📋 registry.json JSON 61L · 2.2 KB
├─ 📁 scripts
│   └─ 📜 validate-skills.mjs JavaScript 231L · 6.0 KB
├─ 📁 skills
│   ├─ 📁 amazon_contact_flow
│   │   ├─ 📝 prompt.md Markdown 7L · 248 B
│   │   ├─ 📜 skill.js JavaScript 17L · 462 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 amazon_order_details_fetcher
│   │   ├─ 📝 prompt.md Markdown 11L · 329 B
│   │   ├─ 📜 skill.js JavaScript 17L · 471 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 amazon_orders_opener
│   │   ├─ 📝 prompt.md Markdown 7L · 250 B
│   │   ├─ 📜 skill.js JavaScript 17L · 463 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 amazon_orders_scraper
│   │   ├─ 📝 prompt.md Markdown 7L · 252 B
│   │   ├─ 📜 skill.js JavaScript 17L · 464 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 amazon_price_checker
│   │   ├─ 📝 prompt.md Markdown 7L · 250 B
│   │   ├─ 📜 skill.js JavaScript 17L · 463 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 amazon_product_detector
│   │   ├─ 📝 prompt.md Markdown 7L · 256 B
│   │   ├─ 📜 skill.js JavaScript 17L · 466 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 amazon_review_scraper
│   │   ├─ 📝 prompt.md Markdown 7L · 252 B
│   │   ├─ 📜 skill.js JavaScript 17L · 464 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 case_exporter
│   │   ├─ 📝 prompt.md Markdown 7L · 236 B
│   │   ├─ 📜 skill.js JavaScript 17L · 456 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 evidence_builder
│   │   ├─ 📝 prompt.md Markdown 7L · 242 B
│   │   ├─ 📜 skill.js JavaScript 17L · 459 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 form_filler
│   │   ├─ 📝 prompt.md Markdown 7L · 232 B
│   │   ├─ 📜 skill.js JavaScript 17L · 454 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 hello
│   │   ├─ 📝 prompt.md Markdown 26L · 883 B
│   │   ├─ 📜 skill.js JavaScript 172L · 4.9 KB
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 message_drafter
│   │   ├─ 📝 prompt.md Markdown 7L · 240 B
│   │   ├─ 📜 skill.js JavaScript 17L · 458 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 message_monitor
│   │   ├─ 📝 prompt.md Markdown 7L · 240 B
│   │   ├─ 📜 skill.js JavaScript 17L · 458 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 order_reader
│   │   ├─ 📝 prompt.md Markdown 7L · 234 B
│   │   ├─ 📜 skill.js JavaScript 17L · 455 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   ├─ 📁 price_alert_manager
│   │   ├─ 📝 prompt.md Markdown 7L · 248 B
│   │   ├─ 📜 skill.js JavaScript 17L · 462 B
│   │   └─ 🐍 skill.py Python 16L · 439 B
│   └─ 📜 _easybuy_browser_runtime.js JavaScript 1581L · 62.6 KB
├─ 📋 package-lock.json JSON 56L · 1.6 KB
├─ 📋 package.json JSON 10L · 162 B
├─ 📝 README.md Markdown 58L · 1.4 KB
├─ 📝 SKILL.md Markdown 53L · 1.5 KB
└─ 📋 skill.yaml YAML 57L · 2.3 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
playwright | ^1.58.2 | npm | No | Caret range allows minor/patch updates; consider pinning to exact version

Security Positives

✓ Strong URL allowlisting: isTrustedAmazonUrl() only permits amazon.com domains
✓ Dual-authorization send gate: requires both auto_send=true AND confirm_send=true to send messages
✓ URL-only free text input blocking: isLikelyUrlInput() prevents direct URL injection
✓ No credential harvesting: no access to ~/.ssh, ~/.aws, .env, or os.environ secrets
✓ No data exfiltration: all artifacts stored locally in artifacts/ directory with no external upload endpoint
✓ No obfuscation: all code is plain JavaScript, no base64, eval, or encoded payloads
✓ No reverse shell or C2: no network requests to external IPs or unknown domains
✓ No persistence mechanisms: no cron jobs, startup scripts, or backdoor installation
✓ Intentional safety removals documented: 'Legacy shell URL opener is removed' in SKILL.md
✓ Explicit send confirmation requirement documented prominently
✓ Browser context uses ephemeral/persistent profile in .browser-profile/ (scoped, local)
✓ DOM extraction is limited to Amazon order/messaging pages via skill definitions