Trae
v1.0.0Expertise in TRAE IDE's modular Skills architecture, enabling creation, management, and automation of custom workflows for enhanced AI-driven development.
⭐ 0· 222·2 current·2 all-time
bywow@duanc-chao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the SKILL.md content: it documents TRAE's Skills architecture, file layout, triggers, and workflow automation. The resources and script-execution guidance are consistent with a guide for building/operating IDE skills.
Instruction Scope
SKILL.md stays on-topic (how to author/manage Skills) but explicitly encourages embedding executable resources (Python/.sh), importing Skill folders from community repos (e.g., GitHub), and using MCP to connect external data sources. Those recommendations are within scope but grant the agent broad discretion to fetch and run remote code or access external data if the agent/platform allows it — a user should be aware of this runtime implication.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files — nothing will be written or executed by the skill itself until the agent/platform is explicitly asked to fetch or run resources.
Credentials
The skill requests no environment variables, credentials, or config paths. It references external repositories and MCP conceptually but does not require tokens or secrets in its metadata.
Persistence & Privilege
always:false and default autonomous invocation are normal. Because the skill recommends creating executable Skill resources and using external connectors, granting the agent network or execution privileges on the host would materially increase risk — consider limiting those runtime privileges.
Assessment
This skill appears to be what it claims: a guide for TRAE Skills. It does, however, recommend patterns that can create risk in practice — embedding executable scripts in Skill folders, importing Skills from community repos, and connecting to external data via MCP. Before installing or enabling autonomous use: (1) restrict or audit the agent's ability to execute code and make network calls; (2) review any Skill folder and its scripts before running them; (3) only import Skills from trusted sources and scan them for unexpected behavior; and (4) enforce org governance (review, code signing, least-privilege connectors) if you plan to use Skills in production. If you want a firmer assessment, provide the platform's runtime privileges (can the agent run processes or access the network?) or any example Skill resource files the agent would execute.Like a lobster shell, security has layers — review code before you run it.
latestvk971mpeycs1f24xmy9m4ah0etn837rmm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.