v1.6.0

ByteRover - Headless

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

This is a coherent ByteRover CLI guide, but it uses a ByteRover API key and can persist or sync selected project context to cloud, so users should approve what is shared.

GuidanceBefore installing, confirm you trust the ByteRover CLI, use a dedicated ByteRover API key, and approve any push or pull operation. Do not curate or sync secrets, credentials, or sensitive project files unless you intend them to be stored in ByteRover.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

For pull and push operations, you should ask for user permission first ... For push operations, always use `-y` to skip confirmation in headless mode.

Push and pull can mutate or sync the context tree. The instructions include a user-permission step, but the actual headless push command bypasses the CLI confirmation prompt.

User impactIf the permission step is skipped, context changes could be pushed or pulled without the user noticing the CLI prompt.

RecommendationRequire clear user approval before every push, pull, or force re-initialization, especially when project context may be uploaded or overwritten.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

SKILL.md

"requires":{"bins":["brv"]},"install":[{"id":"npm","kind":"node","package":"@byterover/cli","bins":["brv"]

The skill depends on an external ByteRover CLI package rather than included code. This is normal for a CLI wrapper, but the reviewed artifacts do not contain the package implementation.

User impactThe security of actual operations depends on the installed `brv` CLI package.

RecommendationInstall the CLI only from the official ByteRover package/source and keep it updated.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

ask them to provide: 1. **API key** - for authentication ... brv login --api-key <key>

The skill instructs use of a ByteRover API key for login. This is expected for the service, but it grants account access and is not declared as a primary credential in the registry metadata.

User impactAnyone installing this should understand that the agent may handle a ByteRover API key for the user’s account.

RecommendationUse a dedicated, revocable ByteRover key with the least needed access, and do not provide unrelated credentials.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

ByteRover maintains a context tree that stores patterns, decisions, and implementation details about a project ... brv curate ... --files src/middleware/auth.ts ... brv push ... ByteRover cloud storage

The skill stores project knowledge, can include selected file content, and can sync the context tree to cloud storage. This is aligned with the stated purpose but can persist sensitive project details.

User impactPrivate implementation details or file contents could become part of a persistent knowledge base and later be reused or synced.

RecommendationReview curated content before syncing, avoid secrets or confidential files, and use trusted ByteRover teams/spaces.