ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nerve Bridge Skill

vv1.0.0

Bi-directional control of Trae via macOS AppleScript with built-in feedback mechanism. Use when needing to execute code/commands in Trae IDE and wait for com...

0· 582·2 current·2 all-time
by@88901111hz-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the actual behavior: it automates Trae via AppleScript, uses the system clipboard, and waits for a feedback file. Required binaries (python3, osascript) and macOS Accessibility permission are expected for this purpose.
Instruction Scope
Instructions and the Python script limit activity to copying payload to the clipboard, activating Trae, simulating keystrokes, and waiting for ~/.openclaw/workspace/trae_feedback.json. This is coherent, but note that the skill relies on Trae executing the injected payload (including arbitrary code you provide). Also, using pbcopy (clipboard) can leak clipboard contents if the payload includes sensitive data.
Install Mechanism
No install spec — instruction-only with a single helper script. Nothing is downloaded or written to install locations beyond the script itself being included in the skill bundle.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The only filesystem interaction is the feedback file under the user's home directory, which is consistent with the stated feedback mechanism.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes/reads its own feedback file path. It requires macOS Accessibility permissions for UI automation, which is expected for AppleScript-driven automation.
Assessment
This skill is coherent with its purpose, but it automates an editor/IDE to run whatever payload you send. Before installing or using it: (1) only send instructions you trust — the IDE will execute them; (2) avoid including secrets in the payload or clipboard; (3) confirm you are comfortable granting Accessibility permissions to enable the automation; (4) inspect the script (included) and consider running in a restricted environment if you are unsure. If you need stronger guarantees, avoid pasting sensitive code via the clipboard or add validation/sandboxing on the Trae side.

Like a lobster shell, security has layers — review code before you run it.

automationvk970qge8mg9fh0yqq7b3p2pce181dypylatestvk970qge8mg9fh0yqq7b3p2pce181dypymacosvk970qge8mg9fh0yqq7b3p2pce181dypytraevk970qge8mg9fh0yqq7b3p2pce181dypy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

⚡️ Clawdis
Binspython3, osascript

Comments