Trae CLI for OpenClaw
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a plausible TRAE CLI guide, but it asks users or agents to run unverified remote install scripts and enables a tool that can broadly modify code, use accounts, and automate development work.
Install only after confirming the TRAE CLI source is official. Inspect or verify the remote installer before running it, keep command/file/Git operations under explicit approval, use least-privilege enterprise credentials, and avoid non-interactive CI/CD use until guardrails and review gates are in place.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the remote installer or CDN is changed or compromised, installation could run arbitrary commands on the user's machine.
The documented install path executes remote installer scripts directly in the user's shell/PowerShell. The provided artifacts do not show checksum, signature, version pinning, or a verifiable source repository/homepage.
sh -c "$(curl -L https://lf-cdn.trae.com.cn/obj/trae-com-cn/trae-cli/install.sh)" ... irm https://lf-cdn.trae.com.cn/obj/trae-com-cn/trae-cli/install.ps1 | iex
Verify the official TRAE CLI source before installing, inspect the installer first, prefer signed or pinned packages when available, and run installation manually rather than letting an agent execute it unattended.
A mistaken or over-broad instruction could change files, run unexpected commands, or affect a project workspace.
The skill permits broad shell and file operations. That is aligned with installing/configuring a developer CLI, but it gives the agent enough authority to run commands and modify project files.
allowed-tools: Bash(*), Read(*), Write(*), Edit(*)
Require explicit approval for shell commands, file writes, Git operations, and installer execution; review diffs before accepting code changes.
The CLI may act with permissions associated with the user's enterprise account.
The CLI requires enterprise account authorization. This is expected for the product, but it grants the installed CLI access under the user's enterprise identity.
TRAE CLI will prompt you to log in to your enterprise account
Use the official login flow, verify requested scopes, and avoid granting unnecessary organization or repository privileges.
Project code, prompts, or tool outputs could be sent to configured external providers or MCP tools depending on TRAE CLI configuration.
The skill describes MCP and external model/provider integrations, but the visible text does not define data boundaries, provider scopes, or what project context is shared.
integrate third-party tools and services through the Model Context Protocol (MCP) ... supporting configuration and use of models provided by OpenAI and Claude
Use trusted providers and MCP servers only, review their data-retention policies, and avoid sending sensitive code or secrets unless approved.
Automated code or Git changes could spread through CI/CD or team workflows before a human reviews them.
The CLI can be used without interactive review in automation contexts. This is a valid developer workflow, but mistakes can propagate through builds or repositories.
TRAE CLI supports running in non-interactive mode ... integrate TRAE CLI into CI/CD pipelines or other automation scripts
Use non-interactive mode only with branch protections, test gates, limited credentials, and human review before merge or deployment.