← Back to Skills Marketplace
Supplychainsentinel
by
ncreighton
· GitHub ↗
· v1.0.0
· MIT-0
231
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install supplychainsentinel
Description
Monitor supplier APIs, port delays, and weather in real-time to trigger automatic PO rerouting and stakeholder alerts. Use when the user needs supply chain d...
Usage Guidance
This skill is largely coherent for supply-chain monitoring, but it can perform high-impact automated actions (creating POs, rerouting orders) and requires broad access to your DATABASE_URL and notification endpoints. Before installing: (1) use least-privilege service accounts and limit DATABASE_URL to a read-only/controlled schema if possible; (2) never provide full admin DB credentials — create a scoped user for just the needed tables; (3) ensure ERP integrations require separate, auditable credentials and consider requiring manual approval for PO creation; (4) route Slack/sendgrid webhooks to test channels first; (5) test in a staging environment and review logs/alerts; (6) if you cannot limit permissions or if automatic PO creation is unacceptable, do not install or disable autonomous invocation and require manual confirmation for any financial action.
Capability Analysis
Type: OpenClaw Skill
Name: supplychainsentinel
Version: 1.0.0
The SupplyChainSentinel skill is a legitimate tool for logistics monitoring and automated purchase order rerouting. It utilizes standard industry APIs (Shippo, Flexport, OpenWeather) and requires environment variables and database access consistent with its documented functionality. No evidence of malicious intent, data exfiltration, or harmful prompt injection was identified.
Capability Assessment
Purpose & Capability
Name/description match the declared env vars (Shippo, Flexport, OpenWeather, Slack, SendGrid, and a database) and the required binaries (curl, jq). However the SKILL.md claims integration with many providers (FedEx/UPS/Maersk/Port Authorities/ERP systems) yet only a subset of provider credentials are listed; additional credentials or integrations are implicitly required but not declared.
Instruction Scope
Runtime instructions include polling multiple supplier APIs, reading backup supplier lists from your database, sending Slack/email notifications, and automatically creating purchase orders in ERP systems. Those actions are coherent with the stated purpose, but automatic financial actions (PO creation/rerouting) are high-impact and the SKILL.md provides no safe-guards (e.g., manual approval steps) or explicit handling of ERP credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk because nothing is downloaded or written by an installer.
Credentials
Requested env vars (SHIPPO_API_KEY, FLEXPORT_API_KEY, OPENWEATHER_API_KEY, SLACK_WEBHOOK_URL, SENDGRID_API_KEY, DATABASE_URL) are individually relevant. However DATABASE_URL grants broad access to your procurement data and possibly ERP integration secrets stored in the DB; ERP/API credentials for other carriers and ERPs are not declared but will be needed. The set is large and enables both data exfiltration and automated changes, so least-privilege service accounts and careful scoping are recommended.
Persistence & Privilege
always:false (not force-installed) and disable-model-invocation:false (normal). The skill does not request to modify other skills or global agent settings. The combination of autonomous invocation (platform default) with database and outbound-notification access increases potential impact but is not a misconfiguration by itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install supplychainsentinel - After installation, invoke the skill by name or use
/supplychainsentinel - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
SupplyChainSentinel 1.0.0 — Initial Release
- Real-time monitoring of 15+ supplier APIs, port delays, and weather to detect supply chain disruptions early.
- Automatic purchase order (PO) rerouting to backup suppliers when risks are detected.
- Proactive alerts and ETA recalculations sent to stakeholders via Slack, email, and ERP integrations.
- Live supplier health dashboard with delivery metrics and risk scoring.
- Flexible configuration with support for major logistics, weather, and notification APIs.
Metadata
Frequently Asked Questions
What is Supplychainsentinel?
Monitor supplier APIs, port delays, and weather in real-time to trigger automatic PO rerouting and stakeholder alerts. Use when the user needs supply chain d... It is an AI Agent Skill for Claude Code / OpenClaw, with 231 downloads so far.
How do I install Supplychainsentinel?
Run "/install supplychainsentinel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Supplychainsentinel free?
Yes, Supplychainsentinel is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Supplychainsentinel support?
Supplychainsentinel is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux, win32).
Who created Supplychainsentinel?
It is built and maintained by ncreighton (@ncreighton); the current version is v1.0.0.
More Skills