← 返回 Skills 市场
Supplychainsentinel
作者
ncreighton
· GitHub ↗
· v1.0.0
· MIT-0
231
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install supplychainsentinel
功能描述
Monitor supplier APIs, port delays, and weather in real-time to trigger automatic PO rerouting and stakeholder alerts. Use when the user needs supply chain d...
安全使用建议
This skill is largely coherent for supply-chain monitoring, but it can perform high-impact automated actions (creating POs, rerouting orders) and requires broad access to your DATABASE_URL and notification endpoints. Before installing: (1) use least-privilege service accounts and limit DATABASE_URL to a read-only/controlled schema if possible; (2) never provide full admin DB credentials — create a scoped user for just the needed tables; (3) ensure ERP integrations require separate, auditable credentials and consider requiring manual approval for PO creation; (4) route Slack/sendgrid webhooks to test channels first; (5) test in a staging environment and review logs/alerts; (6) if you cannot limit permissions or if automatic PO creation is unacceptable, do not install or disable autonomous invocation and require manual confirmation for any financial action.
功能分析
Type: OpenClaw Skill
Name: supplychainsentinel
Version: 1.0.0
The SupplyChainSentinel skill is a legitimate tool for logistics monitoring and automated purchase order rerouting. It utilizes standard industry APIs (Shippo, Flexport, OpenWeather) and requires environment variables and database access consistent with its documented functionality. No evidence of malicious intent, data exfiltration, or harmful prompt injection was identified.
能力评估
Purpose & Capability
Name/description match the declared env vars (Shippo, Flexport, OpenWeather, Slack, SendGrid, and a database) and the required binaries (curl, jq). However the SKILL.md claims integration with many providers (FedEx/UPS/Maersk/Port Authorities/ERP systems) yet only a subset of provider credentials are listed; additional credentials or integrations are implicitly required but not declared.
Instruction Scope
Runtime instructions include polling multiple supplier APIs, reading backup supplier lists from your database, sending Slack/email notifications, and automatically creating purchase orders in ERP systems. Those actions are coherent with the stated purpose, but automatic financial actions (PO creation/rerouting) are high-impact and the SKILL.md provides no safe-guards (e.g., manual approval steps) or explicit handling of ERP credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk because nothing is downloaded or written by an installer.
Credentials
Requested env vars (SHIPPO_API_KEY, FLEXPORT_API_KEY, OPENWEATHER_API_KEY, SLACK_WEBHOOK_URL, SENDGRID_API_KEY, DATABASE_URL) are individually relevant. However DATABASE_URL grants broad access to your procurement data and possibly ERP integration secrets stored in the DB; ERP/API credentials for other carriers and ERPs are not declared but will be needed. The set is large and enables both data exfiltration and automated changes, so least-privilege service accounts and careful scoping are recommended.
Persistence & Privilege
always:false (not force-installed) and disable-model-invocation:false (normal). The skill does not request to modify other skills or global agent settings. The combination of autonomous invocation (platform default) with database and outbound-notification access increases potential impact but is not a misconfiguration by itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install supplychainsentinel - 安装完成后,直接呼叫该 Skill 的名称或使用
/supplychainsentinel触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
SupplyChainSentinel 1.0.0 — Initial Release
- Real-time monitoring of 15+ supplier APIs, port delays, and weather to detect supply chain disruptions early.
- Automatic purchase order (PO) rerouting to backup suppliers when risks are detected.
- Proactive alerts and ETA recalculations sent to stakeholders via Slack, email, and ERP integrations.
- Live supplier health dashboard with delivery metrics and risk scoring.
- Flexible configuration with support for major logistics, weather, and notification APIs.
元数据
常见问题
Supplychainsentinel 是什么?
Monitor supplier APIs, port delays, and weather in real-time to trigger automatic PO rerouting and stakeholder alerts. Use when the user needs supply chain d... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 231 次。
如何安装 Supplychainsentinel?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install supplychainsentinel」即可一键安装,无需额外配置。
Supplychainsentinel 是免费的吗?
是的,Supplychainsentinel 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Supplychainsentinel 支持哪些平台?
Supplychainsentinel 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(macos, linux, win32)。
谁开发了 Supplychainsentinel?
由 ncreighton(@ncreighton)开发并维护,当前版本 v1.0.0。
推荐 Skills