Inventory Manager

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a static inventory-management reference that prints documentation and does not request credentials, network access, or persistent access.

This looks suitable as a low-risk reference skill. Before installing, note that it includes a bash script, but the provided artifacts show static inventory documentation output rather than network access, credential use, or data modification.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution

Info

What this means

Invoking the skill may run a local shell script, but the provided content indicates it only prints reference text.

Why it was flagged

The skill includes a local bash script, but the shown implementation uses heredocs to print static inventory reference documentation, which is aligned with the declared purpose.

Skill content

#!/usr/bin/env bash
# inventory-manager — Inventory Management Reference
set -euo pipefail
...
cmd_intro() { cat << 'EOF'

Recommendation

Use it as a documentation/reference skill, and review future versions if they add behavior beyond static text output.