Nerve Bridge Skill
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill openly acts as a macOS automation bridge to Trae, but it can paste and submit unbounded code or command instructions to an IDE without clear approval or scope limits.
Review this skill carefully before installing. It shows no exfiltration or hidden destructive behavior, but it is a powerful automation bridge: use it only if you are comfortable letting the agent submit instructions to Trae, run extra feedback code, and operate with macOS Accessibility permissions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes this skill, it may cause Trae to change files, run code, or execute commands in the active IDE context without a separate confirmation step.
The skill is designed to paste arbitrary instructions into Trae and press Enter, enabling code or command execution in another IDE through UI automation.
Use when needing to execute code/commands in Trae IDE... AppleScript activates Trae and simulates: Space (wake) → Delete → Cmd+V → Enter
Install only if you intentionally want OpenClaw to control Trae. Consider requiring manual confirmation before each use, limiting it to disposable workspaces, and reviewing the exact instruction before submission.
Trae may run an additional Python snippet beyond the user's main request; this is disclosed and limited to writing a feedback JSON file, but it still adds execution behavior.
Every invocation appends Python completion code to the instruction sent to Trae, asking Trae to execute extra code that writes a local feedback file.
"# --- SYSTEM HOOK ---\n" "# REQUIRED: Execute this to report completion:\n" + hook_code
Treat the completion hook as code execution. Keep the feedback path scoped, and verify that Trae is operating in an environment where this local file write is acceptable.
Granting these permissions can let the running terminal automate application UI actions, not just interact with Trae.
macOS Accessibility permission allows UI automation through System Events/Terminal, which is broad local authority even though it is needed for the stated purpose.
Permissions: System Events and Terminal must have "Accessibility" permissions
Grant Accessibility permissions only if you trust this workflow, and revoke them from Terminal/System Events when you no longer need this bridge.
Sensitive text included in instructions may temporarily reside on the system clipboard, and the feedback file could be spoofed by another local process.
Communication between OpenClaw and Trae uses shared local mechanisms: the system clipboard for instructions and a local JSON file for completion feedback.
Payload is copied to system clipboard via `pbcopy`... Script waits up to 5 minutes... for `~/.openclaw/workspace/trae_feedback.json`
Avoid sending secrets through this bridge, clear the clipboard after sensitive use, and treat the feedback file as a convenience signal rather than a trusted security boundary.
