Lab Inventory Predictor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent local lab-inventory tracker and predictor, with minor cautions about stored lab data, custom file paths, and an unnecessary unpinned dependency install.
Before installing, confirm you are comfortable storing lab inventory and usage records in the local workspace file. Use the default workspace path where possible, be cautious with custom file paths, and skip or pin the unnecessary `dataclasses` dependency on Python 3.8+.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the optional requirements install could fetch external package code that is not necessary for the documented Python version.
The package includes an unpinned dependency. This is minor but noteworthy because SKILL.md also says the skill has no external dependencies and targets Python 3.8+, where dataclasses is already in the standard library.
dataclasses
Use Python 3.8+ and avoid installing the requirements file unless needed, or ask the publisher to remove or pin the unnecessary dependency.
If a custom data file path is supplied, the skill can create or overwrite a local JSON file at that path.
The implementation writes inventory data to the configured data path. This is purpose-aligned, but custom paths should be handled carefully to avoid accidental overwrites.
self.data_path = data_path or self.DEFAULT_DATA_PATH ... with open(self.data_path, 'w', encoding='utf-8') as f:
Prefer the documented workspace data path and confirm any custom `--data-file` or output path before allowing writes.
Lab inventory and experiment usage details may remain on disk between sessions.
The skill stores persistent inventory and usage-history records locally. Those records may include sensitive lab operational details such as reagent stock and experiment identifiers.
DEFAULT_DATA_PATH = os.path.expanduser("~/.openclaw/workspace/data/lab-inventory.json") ... "usage_history": [u.to_dict() for u in self.usage_history]
Treat the inventory JSON as sensitive lab operations data, avoid unnecessary confidential experiment names, and manage file access/retention appropriately.
