Manage and track orders, handle returns, generate invoices, monitor shipping, and analyze sales with a local order management toolkit.
Security Analysis
High confidence: the skill's files and instructions are consistent with a simple local order-management shell tool that only writes logs to a directory in the user's home; no network access or secret requests are present, though there's a small mismatch between the README and the script about how to configure the data directory.
Name/description (order management, invoices, tracking, stats) align with the included script: commands for list, track, create, return, invoice, and stats are implemented. The footprint (local log files) is appropriate for the stated purpose.
SKILL.md documents commands and a configuration variable ORDERS_DIR, but the shipped script ignores ORDERS_DIR and instead uses XDG_DATA_HOME or $HOME/.local/share/orders. Otherwise the SKILL.md instructions stay within the tool's scope and do not ask the agent to read unrelated system state or transmit data externally.
There is no install spec and the skill is instruction-only with a small shell script included. No downloads or package installs are performed, minimizing install-time risk.
The skill declares no required environment variables or credentials (appropriate). However SKILL.md suggests setting ORDERS_DIR to change the data directory while the script respects XDG_DATA_HOME and falls back to $HOME/.local/share/orders — so the documented env var is not used by the code. The script will create and write logs under the user's data directory.
always is false and the skill does not request persistent elevated privileges or attempt to modify other skill/system configurations. It only creates a per-user data directory and log files.
Guidance
This skill appears to be a simple local shell tool that logs order operations to a directory in your home (~/.local/share/orders by default). It does not contact the network or request credentials. Before installing or running: (1) review or run the included scripts in a safe environment — the code is small and readable; (2) note the SKILL.md mentions ORDERS_DIR but the script ignores that variable — if you want a different storage path, set XDG_DATA_HOME or edit the script to honor ORDERS_DIR; (3) be aware it will create and append .log files under your data directory, so if you handle sensitive order data consider restricting file permissions or using a secure location; (4) because the skill can be invoked autonomously by the agent (default), only enable it for agents you trust. Overall this is coherent and low-risk.
Latest Release
v1.0.1
Standards compliance: unique content, no template text
Published by @xueyetianya on ClawHub