Steam Community Inventory
ReviewAudited by ClawScan on May 10, 2026.
Overview
This read-only Steam inventory skill is coherent, but it requires a sensitive Steam session cookie that users should handle carefully.
The skill appears to be a straightforward, read-only Steam inventory helper. Before using it, remember that `steamLoginSecure` is a real session cookie, not a harmless API key. Only use it in a trusted terminal, keep it out of logs and chats, and remove it from your environment after retrieving your inventory.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the Steam cookie is exposed through shell history, logs, shared transcripts, or other local processes, someone could potentially reuse the session cookie to access the user's Steam session.
The skill asks the user to provide a Steam session cookie and sends it as a Cookie header to Steam. This is expected for authenticated inventory access, but the cookie is a sensitive bearer credential.
Copy the value of the `steamLoginSecure` cookie ... export STEAM_COOKIES="steamLoginSecure=your-cookie-value"
Use this only on a trusted machine, avoid sharing the cookie or command output, do not paste it into public logs, and unset the environment variable when finished.