Actions (Amazon Ads Writes)
Safety guide for the 14 tools that modify your Amazon Advertising account. Read this before enabling action tools in any host.
⚠️ These tools spend real money
Action tools call the Amazon Ads API. A single misread of a sales report could spawn 10 campaigns at $500/day each. There is no automatic rollback. Treat every propose_* call as if you were typing into the Amazon Ads UI yourself.
What are actions?
TitanConnect exposes 14 tools beyond the 29 read tools. They cover Sponsored Products portfolio/campaign/ad-group/keyword/target/product-ad creation and updates, plus Sponsored Brands and Sponsored Display campaign updates, plus a read-only bid-recommendations tool. Each call goes through Nexus's Live API, which validates the request, optionally simulates it (dry-run mode), and returns a multi-status response per item.
Action tools are gated behind the OAuth scope tools:write (or mcp). API-key (tk_*) authentication does not grant action access.
Real-world danger scenarios
- Duplicate campaigns: agent misreads a "do this for each ASIN" instruction and creates 10 copies of the same campaign at full daily budget each.
- Wrong-marketplace target: a US-targeted keyword gets attached to a UK ad group because the agent didn't re-validate the active marketplace before the call.
- Accidental archive: an "update state" call on a winning campaign pauses it instead of the intended low-performer.
- Always-Allow runaway: the user toggled "Always Allow" once for a single low-risk negative keyword, then a follow-up turn spawns 10 high-risk campaigns without further prompts.
Why dry-run is on by default
Every TitanConnect deployment ships with ACTIONS_FORCE_DRY_RUN=true. Calls hit Nexus for validation but are not executed on Amazon. The tool result includes dryRun: true to signal this. To verify, look for that flag on every action response. Operators flip the env var to false only after the runbook is signed off.
⚠️ Do not enable "Always Allow"
Most MCP hosts (Claude.ai, Claude Desktop, Claude Code) let you toggle "Always Allow" per tool — once on, the model can call that tool with no further prompt. Once you toggle Always Allow for a propose_* tool, the human-in-the-loop is gone. We strongly recommend reviewing every action call. The tools are designed assuming you'll see and read each prompt.
Approval surfaces by host
| Host | Approval surface |
|---|---|
| Claude.ai web (Custom Connector) | Modal dialog with tool name + JSON args |
| Claude Desktop | Similar permission dialog |
| Claude Code plugin | Permission prompt unless pre-allowlisted in ~/.claude/settings.json |
| Cowork | Per-tool prompt |
| OpenClaw | NO PROMPT.OpenClaw runs unattended — the skill's narration is the only safeguard. |
Rollback recipes
| Action | How to undo |
|---|---|
| Created campaign | propose_update_sp_campaign with state: ARCHIVED |
| Created keyword | propose_update_sp_target with state: ARCHIVED |
| Updated budget | Re-call propose_update_sp_campaign with the prior budget value |
| Added neg keyword | No archive — only state toggles. Document the addition. |
Each rollback call also requires user approval (or, in OpenClaw, explicit narration before the call).
Recommended account hygiene
- Set account-wide budget capsin Titan Tools or directly in Amazon Ads Console before enabling action tools. Even a runaway agent can't create campaigns above the cap.
- Start with low-risk actions only(negative keywords, campaign pauses). Don't enable high-risk tools until you've watched a full week of low-risk usage.
- Audit
action_logsweekly for the first month. Every call writes a row withcorrelationId, entity, before/after values, and dryRun status. - Use the same TitanConnect account for all action calls— don't share OAuth tokens across team members. Audit-trail integrity depends on a 1:1 user → token mapping.
Reporting unexpected behavior
Every action result includes a correlationId. When reporting an issue, include this ID — it lets us trace the exact request through Nexus, the Titan Tools system, and our action_logs table.
Per-interface gotchas live on the host docs: Custom Connector, Claude Desktop, Claude Code, Cowork, OpenClaw.