| Version | Supported |
|---|---|
| amazon-analysis 1.1.x | ✅ Yes |
| apiclaw 1.x | ✅ Yes |
| older versions | ❌ No |
If you discover a security vulnerability in this skill, please report it responsibly:
- Email: security@srp.one
- Subject:
[SECURITY] amazon-analysis: <brief description> - Include: Steps to reproduce, potential impact, and suggested fix (if any)
Please do NOT open a public GitHub issue for security vulnerabilities.
We will acknowledge your report within 48 hours and aim to release a fix within 7 days for critical issues.
This security policy covers:
- The
scripts/apiclaw.pyCLI script - Credential handling (API key storage and transmission)
- Data exposure risks in skill documentation
- API Key Storage: Keys can be stored via environment variable (
APICLAW_API_KEY, preferred) orconfig.json(fallback). Theconfig.jsonfile is listed in.gitignoreto prevent accidental commits. - Network: The script only communicates with
https://api.apiclaw.io. No other external endpoints are contacted. - No Telemetry: This skill does not collect or transmit usage data.