Eam
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a simple local asset tracker that stores data under ~/.eam and shows no network, credential, or hidden behavior in the provided artifacts.
This skill looks safe to use if you are comfortable with a local bash script creating ~/.eam, storing asset records there, and modifying or exporting those records when commanded. Review entries before export or sharing, and avoid putting highly sensitive asset details into the tracker unless local persistence is acceptable.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can change or remove local asset-tracker records and create export files.
The script can append, delete, and export local tracker records. These capabilities are expected for the stated tracker purpose, but they still modify local user data.
_save_entry ... >> "$DATA_DIR/data.jsonl" ... sed -i "${num}d" "$DATA_DIR/data.jsonl" ... cp "$DATA_DIR/data.jsonl" "$out"Use remove and export commands deliberately, and review exported files before sharing them.
Asset information entered into the tracker remains on disk and may be shown again in later command output.
The skill keeps persistent local records that may later be listed, searched, or exported. This is disclosed and purpose-aligned, but users should treat stored asset data as persistent local context.
All data stored in `~/.eam/` using JSONL format (one JSON object per line).
Avoid storing highly sensitive asset details unless local persistence in ~/.eam is acceptable, and treat imported or shared entries as untrusted data.