Aloudata CAN SKILLS - inventory-strategy

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is coherent for inventory diagnosis and shows no malicious behavior, but it will query business inventory data and write HTML reports that users should handle carefully.

This looks safe to use for inventory analysis if you trust the metric-query integration and are comfortable generating local HTML reports containing sales and inventory metrics. Review report files before sharing them externally.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication (Severity: Low)
What this means

Inventory and sales data may be queried through another agent/tool as part of the diagnosis.

Why it was flagged

The skill explicitly relies on another skill/Gateway to retrieve inventory and sales metrics. This is purpose-aligned, but data access and permissions are inherited from that integration.

Skill content

**Important: this Skill depends on the metric-query Skill to complete data queries. Load metric-query before executing.**

Recommendation

Use this only in workspaces where metric-query has appropriate access, and confirm that the requested inventory metrics are authorized for the user.

ASI06: Memory and Context Poisoning (Severity: Low)
What this means

Generated report files may contain sensitive inventory, sales, and stock-value information.

Why it was flagged

The skill requires analysis outputs to be written as HTML reports, which can persist outside the chat and may include business KPIs, category details, and recommendations.

Skill content

**All analysis output must be generated as HTML files**

Recommendation

Store and share generated HTML reports according to your organization’s data-handling rules, and delete reports when no longer needed.

ASI05: Unexpected Code Execution (Severity: Info)
What this means

The agent may use local calculation code to classify inventory conditions, but the supplied code does not show side effects beyond computation.

Why it was flagged

The reference file presents Python classification logic that may be copied/executed for calculations. In the provided source it has no shell, network, credential, or file I/O behavior.

Skill content

For standard models to copy and execute directly

Recommendation

If execution is enabled, review any generated or copied code before running it in an environment with sensitive data.