v1.0.3

Rei-Clawd

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

Rei-Clawd transparently configures a third-party Rei model provider, but running it will store a Rei API key and change/restart Clawdbot configuration.

GuidanceInstall/run this only if you intend to use Rei as a Clawdbot model provider. Protect the Rei API key, review ~/.clawdbot/clawdbot.json after setup, keep the backup for rollback, and remember that using the Rei model sends relevant prompts/code context to coder.reilabs.org.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/setup.sh

jq --argjson rei "$REI_PROVIDER" '.models.providers.rei = $rei' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp" && mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"

The setup script directly edits the Clawdbot model-provider configuration; nearby instructions also restart the gateway. This is expected for the stated setup purpose, but it changes agent routing behavior.

User impactRunning the setup can alter which model provider Clawdbot uses and restart the gateway.

RecommendationRun it only when you intend to add Rei, review the resulting config, and keep the backup/revert path available.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Source: unknown
Homepage: none

The registry metadata does not provide a source repository or homepage. The included script contents are visible and simple, so this is a provenance note rather than a concrete unsafe behavior.

User impactUsers have less publisher/provenance context for a skill that changes local Clawdbot configuration.

RecommendationVerify that you trust the registry owner and the coder.reilabs.org service before running the setup.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/setup.sh

read -p "Enter your Rei API key: " API_KEY ... "apiKey": "$API_KEY"

The script collects a Rei API key and writes it into the provider configuration. This is necessary for the integration, but it is still sensitive credential handling.

User impactAnyone with access to the Clawdbot config or a transcript where the key was pasted could potentially see the Rei API key.

RecommendationUse a dedicated, revocable Rei API key, avoid pasting it into shared chats, and protect ~/.clawdbot/clawdbot.json.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

Rei provides Qwen3 Coder via an OpenAI-compatible endpoint at `coder.reilabs.org`.

The skill configures an external model endpoint. That is the core purpose, but future prompts, code, and context sent to the Rei model will leave the local Clawdbot environment.

User impactWhen Rei is selected, your model traffic may be processed by the external Rei endpoint.

RecommendationUse Rei only for data you are comfortable sending to that provider, and switch back or revert if you do not want that routing.