Steam Games CLI
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the external CLI gives that package local execution ability under the user's account.
The skill directs the user to globally install an external npm CLI. This is central to the skill's purpose, but it means trust depends on the external package's provenance rather than code included in the submitted artifacts.
npm install -g steam-games-cli
Verify the npm package and GitHub project before installing, consider pinning a version, and uninstall it if it is no longer needed.
The configured CLI and agent can use the Steam API key to read Steam profile and library information needed for recommendations.
The skill requires a Steam API key and Steam ID to query the user's Steam profile and library. This is expected for the stated purpose, but it is still account-linked credential use.
env: ["STEAM_API_KEY"] ... steam config set-key YOUR_API_KEY steam config set-user YOUR_STEAM_ID
Use a Steam API key you can revoke, do not paste it into public chats or logs, and remove or revoke it if you stop using the skill.