Fridge
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: fridge Version: 2.0.1 The 'fridge' skill is a local inventory management tool that tracks household items via a bash script. Analysis of 'scripts/script.sh' shows it performs basic file operations (logging, searching, and exporting) within a dedicated local directory (~/.local/share/fridge) without any network activity, data exfiltration, or suspicious command execution. The 'SKILL.md' file provides standard instructions and output mappings for the AI agent that align perfectly with the tool's stated functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not work unless the `fridge` command is installed separately, and users should make sure they know which executable they are running.
The SKILL.md tells users to run `fridge` commands and the manifest includes `scripts/script.sh`, but the registry does not define how the CLI is installed or declare a required binary. This is a setup/provenance gap rather than evidence of malicious behavior.
No install spec — this is an instruction-only skill.
Verify the source and installation method for the `fridge` CLI before using it, especially if installing it outside the reviewed skill package.
Items, reminders, costs, and activity history you enter can be stored locally and later searched, viewed, or exported.
The script creates a persistent local data directory and logs user-supplied inventory/activity entries there. This matches the skill purpose and is disclosed, but it means household and cost information remains on disk.
DATA_DIR="${HOME}/.local/share/fridge"
mkdir -p "$DATA_DIR"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }Avoid entering information you do not want stored locally, and periodically review or delete `~/.local/share/fridge/` if needed.