Skill v1.0.0
ClawScan security
Trae · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 19, 2026, 4:22 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions, scope, and lack of required secrets or installs are coherent with its stated purpose of teaching TRAE's Skills architecture, but it explicitly recommends fetching and executing scripts and connecting to external data sources, which raises operational cautions the user should understand before enabling autonomous execution.
- Guidance: This skill appears to be what it claims: a guide for TRAE Skills. It does, however, recommend patterns that can create risk in practice: embedding executable scripts in Skill folders, importing Skills from community repos, and connecting to external data via MCP. Before installing or enabling autonomous use: (1) restrict or audit the agent's ability to execute code and make network calls; (2) review any Skill folder and its scripts before running them; (3) only import Skills from trusted sources and scan them for unexpected behavior; and (4) enforce org governance (review, code signing, least-privilege connectors) if you plan to use Skills in production. If you want a firmer assessment, provide the platform's runtime privileges (can the agent run processes or access the network?) or any example Skill resource files the agent would execute.
Review Dimensions
- Purpose & Capability (ok): The name/description match the SKILL.md content: it documents TRAE's Skills architecture, file layout, triggers, and workflow automation. The resources and script-execution guidance are consistent with a guide for building/operating IDE skills.
- Instruction Scope (note): SKILL.md stays on-topic (how to author/manage Skills) but explicitly encourages embedding executable resources (Python/.sh), importing Skill folders from community repos (e.g., GitHub), and using MCP to connect external data sources. Those recommendations are within scope but grant the agent broad discretion to fetch and run remote code or access external data if the agent/platform allows it; a user should be aware of this runtime implication.
- Install Mechanism (ok): Instruction-only skill with no install spec, no downloads, and no code files; nothing will be written or executed by the skill itself until the agent/platform is explicitly asked to fetch or run resources.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. It references external repositories and MCP conceptually but does not require tokens or secrets in its metadata.
- Persistence & Privilege (note): always:false and default autonomous invocation are normal. Because the skill recommends creating executable Skill resources and using external connectors, granting the agent network or execution privileges on the host would materially increase risk; consider limiting those runtime privileges.
