ClawHub

Cin7 Inventory

v2.0.0

Cin7 Core inventory management -- products, stock, orders, purchases, customers, and suppliers via bash scripts.

2· 285·1 current·1 all-time
by@yashthesiya1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (curl, bash), required env vars (CIN7_ACCOUNT_ID, CIN7_APP_KEY), and all script functionality consistently target the Cin7 Core API. The API headers, endpoints, and operations implemented (products, stock, orders, purchases, customers, suppliers) align with the declared purpose.
Instruction Scope
SKILL.md instructs running the included bash scripts from the skill directory; the scripts do only HTTP calls to the Cin7 API and parse command-line args. One notable behavior: scripts source a .env file (if present) and config.sh exports every key/value found, which is broader than strictly necessary if the .env contains unrelated secrets. Otherwise the instruction scope is narrow and consistent with the stated task.
Install Mechanism
This is instruction-only / script-based with no install spec and no network downloads or package installs. All code is provided in the bundle and executed with bash/curl, which is low-risk compared to remote install steps.
Credentials
The skill requires only two Cin7-related environment variables (CIN7_ACCOUNT_ID, CIN7_APP_KEY), which is proportionate. Caveat: config.sh will load and export all variables from a .env file in the skill directory (and falls back to CIN7_API_KEY), so placing other secrets in that .env could expose them to the scripts' runtime environment.
Persistence & Privilege
The skill does not request persistent/always-on privileges and does not modify other skills or system-wide agent settings. It appears to run only when invoked.
Assessment
This skill appears coherent for managing Cin7 Core via bash scripts. Before installing or running: (1) only provide the Cin7 account ID and app key — avoid putting unrelated secrets into the skill's .env because the scripts export every .env key; (2) review and, if desired, run the scripts in an isolated account or container to validate behavior; (3) confirm the API base URL matches your Cin7 instance and official docs; (4) inspect the update-order JSON construction (it injects the ID via sed) if you plan to pass complex JSON to ensure it produces valid payloads; and (5) verify you trust the skill source (homepage/owner metadata) since code runs locally.

Like a lobster shell, security has layers — review code before you run it.

latestvk9744zx4bqa5f0fjgp4vhfwr2h82fw6j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, bash
EnvCIN7_ACCOUNT_ID, CIN7_APP_KEY

Comments