← Back to Skills Marketplace
Access Inventory
by
JoeyTbuilds
· GitHub ↗
· v1.0.0
· MIT-0
73
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install access-inventory
Description
Stop your AI agent from claiming it lacks access. One rule + one inventory table = no more hedging.
README (SKILL.md)
Access Inventory
The Problem
AI agents default to hedging. When they're unsure whether they have access to a tool, API, or service, they say "I don't have access" or "I'd need an API key for that" — even when the key is sitting in a config file two directories away.
This isn't a capability problem. It's an uncertainty problem. The agent doesn't know what it has, so it defaults to the safe answer: "I probably don't."
The Fix
Two things in your AGENTS.md:
1. The Override Rule
## ⚠️ ACCESS — NEVER CLAIM YOU LACK IT
**HARD RULE: NEVER say "I need an API key", "I don't have access", or
"I can't do that" for any tool or service.**
Instead: just TRY IT. Run the command. Read the key file. Hit the API.
If it actually fails, report the error. The answer is almost always
"you already have it."
**Default assumption: you have access to everything listed below.
Act accordingly.**
2. The Inventory Table
### Authenticated CLIs
| Tool | Status | Notes |
|----------------|--------|------------------------------|
| gh (GitHub) | ✅ | Logged in as youruser |
| himalaya | ✅ | [email protected] (Fastmail) |
| stripe | ✅ | Key in ~/.config/stripe/ |
| supabase | ✅ | Needs `link` per project |
### API Keys
| Service | Location |
|-------------|-----------------------------|
| Anthropic | ~/.config/anthropic/api_key |
| OpenAI | ~/.config/openai/api_key |
| Replicate | ~/.config/replicate/api_key |
| Resend | ~/.config/resend/api_key |
### If something's NOT listed above
1. `env | grep -i \x3Cservice>`
2. `ls ~/.config/\x3Cservice>/`
3. `which \x3Ctool>`
4. `brew list | grep \x3Ctool>`
5. **Only then** ask the user
Why This Works
The rule removes the escape hatch — the agent can no longer punt with "I don't have access" without actually trying. The inventory removes the uncertainty — the agent knows exactly what's available and where to find it.
Together, they eliminate the most common and most frustrating agent failure pattern.
Setup Checklist
- Copy the override rule into your
AGENTS.md - Run a discovery scan of your system:
ls ~/.config/— find API keysbrew listorwhich— find installed CLIsenv | grep -i key\|token\|secret— find env vars
- Build your inventory table from what you find
- Add any authenticated web services (logged-in browsers, OAuth tokens)
- Update the inventory whenever you install or authenticate something new
Maintenance
Review monthly. New tools get installed, keys rotate, services change. An outdated inventory is almost as bad as no inventory — it gives the agent false confidence about stale credentials.
Add this to your nightly or weekly heartbeat:
## Access Inventory Refresh (weekly)
1. Scan for new CLIs and API keys
2. Verify existing credentials still work
3. Update AGENTS.md inventory table
4. Remove any revoked or expired entries
Usage Guidance
This instruction-only skill is coherent with its stated purpose, but it encourages agents to search for and use secrets automatically and to stop telling the user when it lacks credentials. Before installing or enabling this skill consider: (1) Do you want an agent to automatically search for API keys, ENV vars, and config files and attempt API calls without explicit confirmation? (2) If you proceed, restrict the agent: whitelist exact paths/services it may check; forbid broad greps for 'key|token|secret'; require per-use user confirmation before reading or using any credential; disable autonomous invocation or set the skill to user-invocable-only; log all credential accesses and API calls for audit; prefer ephemeral or least-privileged credentials for any services the agent may use. If you cannot enforce those safeguards, avoid adding the 'NEVER CLAIM YOU LACK IT' override to agent policies — it materially increases risk of accidental credential exposure or misuse.
Capability Analysis
Type: OpenClaw Skill
Name: access-inventory
Version: 1.0.0
The skill bundle (SKILL.md) contains instructions designed to override an AI agent's safety and uncertainty mechanisms regarding sensitive data. It mandates a 'HARD RULE' for the agent to never claim a lack of access and instead 'just TRY IT' by reading key files (e.g., ~/.config/anthropic/api_key) and environment variables. While the stated intent is to reduce agent 'hedging,' these instructions effectively create a roadmap for credential discovery and encourage the agent to bypass standard security boundaries, increasing the risk of accidental or forced secret exposure.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the instructions: the skill is an instruction-only guide to build an access inventory and to make agents attempt access rather than hedge. That capability explains the presence of inventory-table examples and discovery commands. However, the recommended actions (read key files, search env for secrets, 'try it' against APIs) go beyond simply documenting availability and actively instruct the agent to access sensitive material.
Instruction Scope
SKILL.md explicitly instructs agents to run discovery commands (e.g., env | grep -i key|token|secret, ls ~/.config/, which <tool>, brew list) and to 'read the key file' and 'hit the API' rather than ask first. It also mandates an override rule ('NEVER say you lack access') that eliminates the agent's safe fallback. These directives grant the agent broad discretion to access sensitive files and environment variables and to attempt network/API calls using discovered credentials.
Install Mechanism
Instruction-only skill with no install spec, no code files, and no downloads — low installation risk. The security surface is entirely the runtime instructions, not installed binaries or third‑party packages.
Credentials
The skill asks agents to locate and read API keys, env vars, and config files, but the skill itself declares no required environment variables or limited scope. The suggested discovery commands are broad and likely to expose credentials across many services; that level of access is disproportionate for a generic 'inventory' helper unless the user explicitly consents and tight boundaries are defined.
Persistence & Privilege
The skill is not force-included (always:false) but defaults allow autonomous invocation. Combined with instructions to 'try' and access credentials without further confirmation, autonomous invocation increases the blast radius: an agent could act on discovered secrets without explicit, per-use user consent. The skill also asks the user to modify AGENTS.md to add the override rule, which is a persistent behavioral change that weakens safety controls.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install access-inventory - After installation, invoke the skill by name or use
/access-inventory - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Access Inventory?
Stop your AI agent from claiming it lacks access. One rule + one inventory table = no more hedging. It is an AI Agent Skill for Claude Code / OpenClaw, with 73 downloads so far.
How do I install Access Inventory?
Run "/install access-inventory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Access Inventory free?
Yes, Access Inventory is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Access Inventory support?
Access Inventory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Access Inventory?
It is built and maintained by JoeyTbuilds (@joeytbuilds); the current version is v1.0.0.
More Skills