Skill v1.0.0
ClawScan security
Node Red Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 12, 2026, 11:30 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill generally matches its stated purpose (manage Node-RED), but several mismatches and omissions (undeclared required env vars, CLI wrapper missing, hard-coded infra hints, and an included flow with an exec node) create coherence and safety concerns you should review before installing.
- Guidance: This skill appears to implement a legitimate Node-RED admin client, but there are multiple incoherences you should resolve before installing or giving it credentials:
  - Do not provide admin credentials until you review the code and are comfortable. The Python client expects NODE_RED_USERNAME / NODE_RED_PASSWORD and NODE_RED_URL but the registry metadata does not declare them. Use a least-privilege admin account and rotate credentials afterwards.
  - Verify the CLI wrapper: SKILL.md commands reference scripts/nr but the repo contains scripts/nr_api.py only. Confirm how the CLI is invoked and whether any wrapper will be installed or created automatically.
  - Review the included flow (assets/flows/watchdog.json). It contains an exec node that will run shell commands on the Node-RED host (currently configured to run 'uptime -p' every 5s). Because the skill can deploy flows via the Admin API, deploying unreviewed flows can execute arbitrary commands on the host. Only deploy flows you trust and review them for exec/http-request/function nodes that could be abused.
  - The SKILL.md references Docker compose operations and a specific service name and URL; ensure those are relevant to your environment and that Docker/docker-compose are present before running those commands.
  - Check for missing files the instructions mention (e.g., .env.example). If the skill claims to 'auto-handle dependencies', inspect whether it will run pip installs automatically or require manual setup.

  If you want to proceed: run the client in an isolated/test environment first, inspect and sanitize any flows before deployment, provide a least-privilege account, and consider network/firewall restrictions around your Node-RED instance. If you can get the maintainers to fix the manifest (declare required env vars, provide a proper CLI wrapper, remove or explain the hard-coded infra hints), the coherence and safety posture will improve.
Review Dimensions
- Purpose & Capability (concern): Name/description align with the code and docs: the Python client implements Node-RED Admin API operations (flows, nodes, context, backup). However SKILL.md refers to a CLI executable 'scripts/nr' while the repository contains only scripts/nr_api.py (no CLI wrapper), and the skill metadata claims no required env vars while both SKILL.md and the Python code require NODE_RED_URL / NODE_RED_USERNAME / NODE_RED_PASSWORD. The SKILL.md also lists a specific stack location, docker service name, and an external URL (https://flow.glassgallery.my.id) that are not manifest-backed and may be irrelevant or misleading.
- Instruction Scope (concern): Runtime instructions ask users to set admin credentials and run CLI commands and docker compose operations. The skill includes an example flow (assets/flows/watchdog.json) that contains an 'exec' node configured to run 'uptime -p' on the Node-RED host and an inject node that triggers it every 5s. Because the skill can deploy flows via the Admin API, deploying arbitrary flows (or the supplied flow) can cause commands to execute on the Node-RED host, a real RCE risk if flows are malicious or modified. SKILL.md also instructs copying .env.example, but no .env.example is present in the manifest. Overall instructions extend beyond mere API calls (they assume Docker presence and specific deployment layout) without declaring those requirements.
- Install Mechanism (note): There is no install spec (instruction-only + some code files). requirements.txt lists requests and python-dotenv, and SKILL.md claims 'script automatically handles dependencies on first run' but no installer is provided. That is common but means the environment must satisfy dependencies beforehand; there is no automated, tracked install source or external downloads to raise higher install risk.
- Credentials (concern): The code requires admin credentials (NODE_RED_USERNAME / NODE_RED_PASSWORD) and a Node-RED URL (NODE_RED_URL) to function (reasonable for an admin tool), but the skill registry metadata incorrectly lists no required environment variables. This mismatch is important: the agent will prompt or expect secrets but the registry doesn't declare them. Requesting admin credentials is proportionate to the claimed purpose, but you should only provide them for a trusted Node-RED instance and consider using a least-privilege account.
- Persistence & Privilege (ok): The skill is not marked 'always' and uses the platform defaults for invocation. It does not request system-wide config paths or other skills' credentials. No evidence it modifies other skills or requests permanent elevated presence.
