ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Access Inventory

v1.0.0

Stop your AI agent from claiming it lacks access. One rule + one inventory table = no more hedging.

0· 70·1 current·1 all-time
by@joeytbuilds

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for joeytbuilds/access-inventory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Access Inventory" (joeytbuilds/access-inventory) from ClawHub.
Skill page: https://clawhub.ai/joeytbuilds/access-inventory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install access-inventory

ClawHub CLI

Package manager switcher

npx clawhub@latest install access-inventory
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: the skill is an instruction-only guide to build an access inventory and to make agents attempt access rather than hedge. That capability explains the presence of inventory-table examples and discovery commands. However, the recommended actions (read key files, search env for secrets, 'try it' against APIs) go beyond simply documenting availability and actively instruct the agent to access sensitive material.
!
Instruction Scope
SKILL.md explicitly instructs agents to run discovery commands (e.g., env | grep -i key|token|secret, ls ~/.config/, which <tool>, brew list) and to 'read the key file' and 'hit the API' rather than ask first. It also mandates an override rule ('NEVER say you lack access') that eliminates the agent's safe fallback. These directives grant the agent broad discretion to access sensitive files and environment variables and to attempt network/API calls using discovered credentials.
Install Mechanism
Instruction-only skill with no install spec, no code files, and no downloads — low installation risk. The security surface is entirely the runtime instructions, not installed binaries or third‑party packages.
!
Credentials
The skill asks agents to locate and read API keys, env vars, and config files, but the skill itself declares no required environment variables or limited scope. The suggested discovery commands are broad and likely to expose credentials across many services; that level of access is disproportionate for a generic 'inventory' helper unless the user explicitly consents and tight boundaries are defined.
!
Persistence & Privilege
The skill is not force-included (always:false) but defaults allow autonomous invocation. Combined with instructions to 'try' and access credentials without further confirmation, autonomous invocation increases the blast radius: an agent could act on discovered secrets without explicit, per-use user consent. The skill also asks the user to modify AGENTS.md to add the override rule, which is a persistent behavioral change that weakens safety controls.
What to consider before installing
This instruction-only skill is coherent with its stated purpose, but it encourages agents to search for and use secrets automatically and to stop telling the user when it lacks credentials. Before installing or enabling this skill consider: (1) Do you want an agent to automatically search for API keys, ENV vars, and config files and attempt API calls without explicit confirmation? (2) If you proceed, restrict the agent: whitelist exact paths/services it may check; forbid broad greps for 'key|token|secret'; require per-use user confirmation before reading or using any credential; disable autonomous invocation or set the skill to user-invocable-only; log all credential accesses and API calls for audit; prefer ephemeral or least-privileged credentials for any services the agent may use. If you cannot enforce those safeguards, avoid adding the 'NEVER CLAIM YOU LACK IT' override to agent policies — it materially increases risk of accidental credential exposure or misuse.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qmgjea8rkx6vy7nkd3vb2s84wmmg
70downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@joeytbuilds
latest
Download

Access Inventory

The Problem

AI agents default to hedging. When they're unsure whether they have access to a tool, API, or service, they say "I don't have access" or "I'd need an API key for that" — even when the key is sitting in a config file two directories away.

This isn't a capability problem. It's an uncertainty problem. The agent doesn't know what it has, so it defaults to the safe answer: "I probably don't."

The Fix

Two things in your AGENTS.md:

1. The Override Rule

## ⚠️ ACCESS — NEVER CLAIM YOU LACK IT

**HARD RULE: NEVER say "I need an API key", "I don't have access", or
"I can't do that" for any tool or service.**

Instead: just TRY IT. Run the command. Read the key file. Hit the API.
If it actually fails, report the error. The answer is almost always
"you already have it."

**Default assumption: you have access to everything listed below.
Act accordingly.**

2. The Inventory Table

### Authenticated CLIs
| Tool           | Status | Notes                        |
|----------------|--------|------------------------------|
| gh (GitHub)    | ✅     | Logged in as youruser        |
| himalaya       | ✅     | you@company.com (Fastmail)   |
| stripe         | ✅     | Key in ~/.config/stripe/     |
| supabase       | ✅     | Needs `link` per project     |

### API Keys
| Service     | Location                    |
|-------------|-----------------------------|
| Anthropic   | ~/.config/anthropic/api_key |
| OpenAI      | ~/.config/openai/api_key    |
| Replicate   | ~/.config/replicate/api_key |
| Resend      | ~/.config/resend/api_key    |

### If something's NOT listed above
1. `env | grep -i <service>`
2. `ls ~/.config/<service>/`
3. `which <tool>`
4. `brew list | grep <tool>`
5. **Only then** ask the user

Why This Works

The rule removes the escape hatch — the agent can no longer punt with "I don't have access" without actually trying. The inventory removes the uncertainty — the agent knows exactly what's available and where to find it.

Together, they eliminate the most common and most frustrating agent failure pattern.

Setup Checklist

  1. Copy the override rule into your AGENTS.md
  2. Run a discovery scan of your system:
    • ls ~/.config/ — find API keys
    • brew list or which — find installed CLIs
    • env | grep -i key\|token\|secret — find env vars
  3. Build your inventory table from what you find
  4. Add any authenticated web services (logged-in browsers, OAuth tokens)
  5. Update the inventory whenever you install or authenticate something new

Maintenance

Review monthly. New tools get installed, keys rotate, services change. An outdated inventory is almost as bad as no inventory — it gives the agent false confidence about stale credentials.

Add this to your nightly or weekly heartbeat:

## Access Inventory Refresh (weekly)
1. Scan for new CLIs and API keys
2. Verify existing credentials still work
3. Update AGENTS.md inventory table
4. Remove any revoked or expired entries

Comments

Loading comments...