Supernal Interface CLI

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a coherent testing CLI reference, but it includes automated MCP and Claude agent setup commands that can change IDE/agent configuration without clear scope or safeguards.

Use the scanning and validation commands only in a project you can review with version control. Before installing the npm package globally or running setup-mcp/setup-claude, verify the package source and inspect exactly what IDE, MCP, skill, and agent configuration will be created or overwritten.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package could run code from the npm package with the user's local permissions.

Why it was flagged

The skill depends on installing a global npm CLI package, but the submitted artifact set contains only SKILL.md and the registry metadata lists no source or homepage. This is a normal pattern for CLI tools, but users cannot review the package implementation from these artifacts.

Skill content

npm install -g @supernal/interface

Recommendation

Verify the npm package publisher, version, repository, and install scripts before installing globally.

What this means

The tool may change source code or create commits in the user's project.

Why it was flagged

The CLI exposes commands that can edit project source files and commit generated changes. This is aligned with contract/test generation, but it is mutating behavior that should be user-directed.

Skill content

si init --inject                     # Inject data-testid into components
si init --migrate                    # Migrate imports to contracts
si scan-routes --git-commit          # Auto-commit

Recommendation

Use dry-run/review workflows where available, inspect diffs before committing, and avoid autonomous execution of mutating commands.

What this means

A misconfigured MCP integration could expose project context or tools to an agent/server connection the user did not fully review.

Why it was flagged

The artifact describes automated MCP server and IDE configuration, including forced overwrites, but does not define the server's permissions, data boundaries, identity model, or what IDE configuration is changed.

Skill content

Fully automated MCP setup (zero manual steps)
si setup-mcp                         # Configure IDE + create server
si setup-mcp --force                 # Overwrite existing

Recommendation

Run MCP setup manually or inspect generated configuration before enabling it; confirm which tools, directories, and permissions the MCP server receives.

What this means

Installing unspecified agents or skills could change future agent behavior beyond the immediate test-generation task.

Why it was flagged

The skill can install additional Claude skills and agents, but the artifact does not identify what agents are installed, where they persist, or how their behavior is scoped and removed.

Skill content

si setup-claude                      # Install skills + agents

Recommendation

Require explicit user approval before running this command, review the installed agents/skills, and document removal or rollback steps.