Eam
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can change or remove local asset-tracker records and create export files.
The script can append, delete, and export local tracker records. These capabilities are expected for the stated tracker purpose, but they still modify local user data.
_save_entry ... >> "$DATA_DIR/data.jsonl" ... sed -i "${num}d" "$DATA_DIR/data.jsonl" ... cp "$DATA_DIR/data.jsonl" "$out"Use remove and export commands deliberately, and review exported files before sharing them.
Asset information entered into the tracker remains on disk and may be shown again in later command output.
The skill keeps persistent local records that may later be listed, searched, or exported. This is disclosed and purpose-aligned, but users should treat stored asset data as persistent local context.
All data stored in `~/.eam/` using JSONL format (one JSON object per line).
Avoid storing highly sensitive asset details unless local persistence in ~/.eam is acceptable, and treat imported or shared entries as untrusted data.