ZEDEDA
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate ZEDEDA API client, but it gives an agent broad power to change or disrupt edge, app, Kubernetes, and IAM resources using your ZEDEDA token.
Install only if you want an agent to help manage ZEDEDA resources. Prefer a limited-scope token, disable or restrict autonomous use for destructive operations, require confirmation before any create/update/delete/reboot/offboard/bulk job action, and avoid DEBUG logging when handling sensitive payloads.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad agent action could reboot, offboard, delete, or otherwise disrupt managed edge devices and related infrastructure.
The skill exposes high-impact ZEDEDA device operations such as delete, offboard, and reboot. These fit the stated API-client purpose, but the provided artifacts do not clearly bound them with approval, dry-run, or scope controls.
    def delete_edge_node(self, id: str) -> Any:
        ...
        return self.c.delete(f"/v1/devices/id/{id}")
    ...
    def offboard_edge_node(self, id: str) -> Any:
        ...
        return self.c.put(f"/v1/devices/id/{id}/offboard")
    ...
    def reboot_edge_node(self, id: str) -> Any:
        ...
        return self.c.put(f"/v1/devices/id/{id}/reboot")
Use a least-privilege or read-only token where possible, and require explicit human confirmation for POST, PUT, DELETE, reboot, offboard, upgrade, and bulk job actions.
If you provide an admin-level token, the agent may be able to read and change a large portion of your ZEDEDA environment.
All API requests use the user's ZEDEDA bearer token, so the agent operates with whatever account and role permissions that token has.
    self.token = token or os.environ.get("ZEDEDA_API_TOKEN", "")
    ...
    "Authorization": f"Bearer {self.token}"
Create a dedicated ZEDEDA token with the minimum permissions needed for the tasks you plan to delegate.
Sensitive request data could appear in local stderr logs or agent transcripts if DEBUG logging is enabled.
When DEBUG logging is enabled, request body content is logged with only the bearer token redacted. JSON bodies could contain sensitive configuration or secret values.
    if encoded_body:
        logger.debug(" body: %s", self._sanitise(encoded_body.decode()[:500], self.token))
Avoid DEBUG logging when sending secrets or credentials, and review logs if you use --body or --body-file with sensitive payloads.
