← Back to Skills Marketplace
Ppe
by
bytesagain3
· GitHub ↗
· v1.0.0
· MIT-0
131
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install ppe
Description
Personal protective equipment tracker. Use when json ppe tasks, csv ppe tasks, checking ppe status.
Usage Guidance
This skill is a simple local CLI implemented in bash and appears to be what it claims. Before installing, note: (1) data is stored unencrypted by default under ~/.ppe (or PPE_DIR if set) — back up or move it if needed and avoid using on shared systems if entries are sensitive; (2) the script runs locally and makes no network calls; (3) you can inspect scripts/script.sh yourself (it's short and readable) before running; (4) the script uses simple line-based JSON parsing (fragile for complex values) and sed -i/grep behaviors that may differ on BSD/macOS vs Linux — test on your platform. If you want stronger isolation, run it in a container or inspect/modify the script to suit your policies.
Capability Analysis
Type: OpenClaw Skill
Name: ppe
Version: 1.0.0
The skill implements a local PPE tracker but contains a command injection vulnerability in `scripts/script.sh` within the `cmd_config` function. Specifically, user-provided keys and values are passed unsanitized to a `sed -i` command, which could allow for arbitrary file manipulation or, on systems with GNU sed, remote code execution (RCE) via the `e` flag. While the tool's behavior aligns with its stated purpose, the lack of input validation in a shell script environment is a significant security flaw.
Capability Assessment
Purpose & Capability
Name/description align with the included script. The script implements add/list/search/remove/export/stats/config operations for PPE entries and stores them in a local data directory (PPE_DIR or ~/.ppe). There are no unrelated capabilities requested.
Instruction Scope
SKILL.md simply delegates to scripts/script.sh for commands. The script reads/writes only files under the configured data directory and the config file there; it does not access other system paths, environment variables (beyond optional PPE_DIR), or external endpoints.
Install Mechanism
There is no install spec and the repository includes a single bash script (scripts/script.sh). Nothing is downloaded or extracted from external URLs during runtime.
Credentials
No required environment variables or credentials are declared. The only environment use is an optional PPE_DIR to override the default data directory, which is appropriate for a local CLI tool.
Persistence & Privilege
always is false and the skill does not request permanent elevated presence. The script writes only to its own data directory and config file; it doesn't modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ppe - After installation, invoke the skill by name or use
/ppe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
publish v1.0.0
Metadata
Frequently Asked Questions
What is Ppe?
Personal protective equipment tracker. Use when json ppe tasks, csv ppe tasks, checking ppe status. It is an AI Agent Skill for Claude Code / OpenClaw, with 131 downloads so far.
How do I install Ppe?
Run "/install ppe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ppe free?
Yes, Ppe is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ppe support?
Ppe is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ppe?
It is built and maintained by bytesagain3 (@bytesagain3); the current version is v1.0.0.
More Skills