ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Erp

v2.0.1

Plan resources, track inventory, and coordinate departments with reporting. Use when allocating resources, managing stock, or tracking department KPIs.

0· 280·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ERP logging, planning, reporting) align with the included script and SKILL.md. The tool only writes and reads local log files and provides exports and search — all coherent with the stated purpose. (Minor: SKILL.md and script advertise v2.0.0 while registry lists v2.0.1; this is an informational mismatch, not a security concern.)
Instruction Scope
Runtime instructions and the script limit operations to creating/reading/writing logs in $HOME/.local/share/erp and using standard POSIX utilities (date, grep, wc, du, head, tail). The SKILL.md does not instruct the agent to read unrelated system files, network endpoints, or environment variables beyond HOME.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled shell script. Nothing is downloaded or installed from remote URLs.
Credentials
No environment variables, credentials, or config paths are required. The script uses HOME to determine a local data directory, which is proportionate to its stated function.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform-level privileges. Its only persistent effect is creating and updating files under the user's home directory (~/.local/share/erp), which is expected for a local logging tool.
Assessment
This skill appears internally consistent and operates fully offline, storing data under ~/.local/share/erp. Before installing, consider: (1) review the script yourself (it's plain shell) if you want extra assurance; (2) do not log secrets—entries are stored as plain text; (3) set appropriate filesystem permissions on ~/.local/share/erp if multiple users share the system; (4) back up or delete the data directory when no longer needed; and (5) note the minor version string mismatch (registry 2.0.1 vs script/README 2.0.0) — nothing dangerous, but you may want the publisher to clarify.

Like a lobster shell, security has layers — review code before you run it.

latestvk979aqt0b8ad17865f3c3qgjr9835rsb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments