ClawHub

Supply Chain Mgmt

v1.0.0

Professional platform that generates personalized Supply Chain Management career roadmaps based on user assessment data and experience level.

0· 31·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md content, and openapi.json all describe a Supply Chain Management roadmap API and the required request/response schemas. There are no unexpected binaries, env vars, or config paths declared that would be unrelated to this purpose. One minor gap: the package provides API path definitions but does not declare a base URL/server or any hosting information (and the skill has no homepage or source link), which leaves where requests should be sent unspecified.
Instruction Scope
SKILL.md contains API usage examples, endpoint descriptions, request/response examples, and does not instruct the agent to read local files, access unrelated env vars, exfiltrate data, or call unexpected external endpoints. It also does not include open-ended instructions that grant broad discretion. It does not, however, specify a server/host for the API, so additional configuration would be required to actually call the service.
Install Mechanism
No install spec and no code files to execute — this is instruction-only, which is the lowest-risk install profile. Nothing is written to disk or automatically downloaded by the skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for an API documentation/integration skill. There are no hidden references in SKILL.md or openapi.json to secrets or unrelated services.
Persistence & Privilege
always is false (default) and the skill does not request persistent system privileges or modify other skills. It is user-invocable and allows normal autonomous invocation (the platform default), which is expected for skills.
Assessment
This skill appears coherent and low-risk technically (no installs, no credentials). Before installing, consider: 1) the package has no source repository or homepage and the API base URL/server is not specified — ask the provider for the API host, privacy policy, and data-handling practices; 2) avoid sending sensitive PII in example requests until you confirm where data will be sent and stored; and 3) if you plan to let agents call the skill autonomously, restrict its usage or run it in a sandbox until you verify the real backend and trustworthiness of the publisher.

Like a lobster shell, security has layers — review code before you run it.

latestvk972x4h9pz12gpdv2c0mbgtcdd849v9q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments