Warehouse
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a local CLI-style data utility with no evidence of exfiltration or destructive behavior, but it persists user input locally and its install/command documentation is somewhat inconsistent.
Before installing, verify how the `warehouse` command is provided and that it maps to the reviewed script. Expect inputs to be saved locally under `~/.local/share/warehouse/`, avoid entering secrets, and clear that directory if you do not want retained history.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to manually connect the documented command to the included script, which can cause confusion if a different `warehouse` binary is already present or installed from elsewhere.
The artifacts also include a shell script and SKILL.md assumes a `warehouse` CLI command, so users should verify what command or script is actually being installed/invoked.
No install spec — this is an instruction-only skill.
Verify the installed `warehouse` command points to the reviewed script/source before using it.
Anything entered into the tool may remain on disk and may later appear in status, history, search, or export outputs.
User-supplied command input is saved persistently in local log files under the warehouse data directory.
DATA_DIR="${HOME}/.local/share/warehouse"
...
echo "$ts|$input" >> "$DATA_DIR/ingest.log"Avoid entering secrets or sensitive data unless you intend to store them locally; periodically review or delete `~/.local/share/warehouse/` if needed.