ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Intelligent Asset Management

IT 资产管理,硬件/软件全生命周期。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 39 · 0 current installs · 0 all-time installs
by@yang1002378395-cmyk
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (IT asset lifecycle) match the installation steps (a Python/FastAPI app using PostgreSQL). That capability is plausible for the stated purpose, but metadata is incomplete (no homepage, source unknown) and skill.json author differs from SKILL.md author, which is an inconsistency.
!
Instruction Scope
SKILL.md explicitly instructs cloning a GitHub repo and running pip install -r requirements.txt and python app.py. Those steps execute unreviewed third‑party code and may request or require credentials (DB, etc.) or perform network activity. The SKILL.md does not declare the environment variables or files the app will need, nor does it limit what the fetched code may do.
!
Install Mechanism
There is no formal install spec in the registry; the README-style instructions ask the user/agent to fetch code from a GitHub repo and run it locally. While GitHub is a common host, cloning and executing an unvetted repository is a high-risk install pattern because the code is not included for review and no checksums or pinned releases are provided.
!
Credentials
The skill declares no required environment variables or credentials, yet the described stack (PostgreSQL, scanning integration) would normally require DB credentials and possibly API keys. The absence of declared env vars is an under-specification that could lead to ad-hoc requests for secrets at runtime.
Persistence & Privilege
The skill does not request always:true and no install creates persistent platform-level privileges. It is user-invocable and can be invoked autonomously (platform default), which is normal.
What to consider before installing
This skill is suspicious because it asks you (via SKILL.md) to clone and run a GitHub project but provides no code in the skill bundle and doesn't declare needed credentials. Before installing or running it: 1) Verify the GitHub repository URL and review its code (app.py, requirements.txt) for network calls, credential-handling, and surprising behavior; 2) prefer running the code in an isolated VM or container; 3) do not supply production DB credentials—use a throwaway/test database; 4) ask the publisher to provide a homepage, explicit env var requirements, pinned releases/checksums, and include the code or a vetted install spec in the registry; 5) if you lack the ability to audit the repo, avoid running the provided install steps.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
aivk97fhayxa1pc9jrrx54bqghs09834dgqautomationvk97fhayxa1pc9jrrx54bqghs09834dgqintelligentvk97fhayxa1pc9jrrx54bqghs09834dgqlatestvk97fhayxa1pc9jrrx54bqghs09834dgq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis

SKILL.md

AI 智能资产管理系统

描述

IT 资产管理,硬件/软件全生命周期。

功能

  • 资产登记(批量导入)
  • 生命周期(采购/使用/报废)
  • 软件许可(到期提醒)
  • 资产盘点(自动化)
  • 成本分析(资产价值)

定价

  • 基础版:¥99/月(500 资产)
  • 专业版:¥499/月(5000 资产)
  • 企业版:¥1999/月(无限资产)

适用场景

  • IT 资产管理
  • 固定资产管理
  • 软件许可管理
  • 设备管理

技术栈

  • Python + FastAPI
  • 数据库(PostgreSQL)
  • 扫码集成
  • 报表生成

安装

git clone https://github.com/openclaw-skills/ai-intelligent-asset-management
cd ai-intelligent-asset-management
pip install -r requirements.txt
python app.py

创建:2026-03-13 作者:OpenClaw Skills Team

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…