Ink
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for managing Ink cloud resources, but it gives an agent broad account-changing power over deployments, databases, DNS, and secrets without clear approval or scoping guidance.
Install only if you want an agent to administer your Ink cloud account. Before use, verify the CLI source, use a limited credential, explicitly set the workspace/project, and require manual approval for deletes, DNS changes, secret replacement, token retrieval, and production deployments.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent might steer a general cloud or database task toward Ink when the user did not clearly choose that platform.
The invocation wording is broad enough that an agent could apply Ink workflows to ambiguous deployment, service, or database requests instead of first confirming the user wants Ink.
Use this skill whenever the user mentions Ink, ml.ink, deployments, services, databases, or cloud infrastructure on Ink, even if they don't say "Ink" explicitly.
Ask the user to confirm Ink, the workspace, project, and intended target before taking action on ambiguous requests.
A mistaken or over-eager agent action could delete production resources, break DNS, replace secrets, or redeploy services without the user realizing the full impact.
The skill documents high-impact cloud mutations and destructive operations, including deletion of services/databases/DNS records and replacement of all secrets, while also promoting autonomous operation.
fully autonomous agents can handle the entire lifecycle: create, deploy, monitor, and scale services without human intervention ... ink delete my-app ... ink db delete my-db ... ink dns delete example.com <record-id> ... ink secrets import my-app --file .env --replace
Require explicit user approval for delete, replace, DNS, secret, workspace, and deployment-changing commands; confirm target workspace/project/service/database/domain before execution.
The agent may act under the wrong Ink account or workspace, or expose generated service credentials in outputs or logs if not carefully controlled.
The skill can act using existing Ink credentials and can retrieve database or repository tokens, but the metadata declares no credential contract and the instructions do not clearly limit account, workspace, project, or token handling.
CLI flags -- `--api-key`, `--workspace`, `--project`; Environment -- `INK_API_KEY`; Local config -- `.ink`; Global config -- `~/.config/ink/config` ... `ink db token my-db` ... `ink repos token my-app`
Use a least-privileged Ink credential, set workspace/project explicitly, avoid broad global config when possible, and do not display or store tokens unless the user asks.
Installing a global CLI changes the local environment and trusts the package source.
The skill instructs installation of a global CLI from npm or a Homebrew tap. This is expected for a cloud CLI skill, but the install source/version is not pinned in the artifact.
npm install -g @mldotink/cli # npm (macOS, Linux, Windows) brew install mldotink/tap/ink # Homebrew (macOS)
Verify the Ink CLI package and Homebrew tap, prefer pinned or documented versions where available, and install only from the official provider source.