Back to skill

Security audit

Trae CLI for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This TRAE CLI guide is coherent, but it asks users to run powerful remote installer and command-execution workflows without enough safety guardrails.

Install only if you trust the TRAE CLI publisher and distribution URL. Prefer downloading the installer first, inspecting it, and verifying a signature or checksum if available. Treat `.traecli/commands` Markdown files and CI prompts as executable automation, review them before use, and limit Bash/write permissions and credentials in unattended environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documented `!`command`` syntax explicitly enables execution of arbitrary local shell commands from custom slash command definitions. In a skill that also permits broad tool access and encourages automation, this creates a strong command-injection and unintended code-execution risk if users import or run untrusted command templates.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installation instructions pipe network-fetched scripts directly into `sh`/`iex`, causing immediate execution of remote code without any integrity verification, signature check, or review step. If the distribution endpoint, network path, or hosted script is compromised, users can be transparently infected during install.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The non-interactive examples show automation with `Bash`, `Edit`, `MultiEdit`, and `Write` enabled, but they do not clearly warn that running prompts in CI or scripts can automatically modify repository files or execute commands. This raises the chance of unintended destructive changes, prompt-injection-driven edits, or unsafe command execution in automated environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The `!`command`` feature executes arbitrary local commands and embeds their output into prompts, but the documentation omits any warning about the security consequences. Untrusted command definitions or attacker-controlled arguments could trigger shell execution, leak secrets from the local environment, or perform destructive actions on the host.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal