Amazon Inventory Forecast
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward inventory-forecasting helper; the main things to notice are local Bash/file access and saved business data in a home-directory workspace.
Before installing, be aware that this skill may create ~/amazon-inventory/ and save your pasted inventory data there. It does not show evidence of external integrations or credential use, but you should verify the forecast math before making purchasing decisions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use shell/file operations to create a local inventory folder and save reports; if misused, shell access can affect local files, though the described scope is a dedicated workspace.
The skill is allowed to use a broad shell tool and describes creating local workspace files. This is disclosed and aligned with saving forecasts, but users should still notice the local file-operation authority.
allowed-tools: Bash ... Creates `~/amazon-inventory/` containing:
Keep any approved file operations limited to ~/amazon-inventory/ and review unexpected Bash commands before allowing them.
Your pasted inventory and sales information may remain on disk and may influence later forecast work.
The skill stores SKU, sales, forecast, alert, and recommendation history as persistent local context.
`skus.md` — tracked SKUs with sales history and parameters ... `reorder-log.md` — history of reorder recommendations made
Only provide data you are comfortable storing locally, review saved assumptions before reusing forecasts, and delete ~/amazon-inventory/ when it is no longer needed.