Railway
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Railway CLI command-reference skill, but it can affect real cloud resources and should be used only with explicit project and environment confirmation.
This skill appears safe to install as an instruction-only Railway CLI helper, but treat it like a cloud administration tool: confirm the target project and environment before deployments or deletions, avoid exposing tokens or environment variables in chat, and use scoped Railway credentials where possible.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong Railway project or environment, these commands could delete or disrupt real cloud resources.
The skill documents destructive Railway operations that can remove cloud services, variables, environments, or volumes. These commands fit the stated management purpose, but they should require clear user intent and target confirmation.
railway service delete <SERVICE_NAME>
railway variables delete KEY
railway environment delete <ENV_NAME>
railway volume delete <VOLUME_ID>
Before allowing the agent to run mutation or delete commands, confirm the Railway project, service, environment, and expected effect.
A token with broad permissions could let the agent deploy, read logs or variables, and change Railway resources within that account scope.
The skill documents Railway token-based authentication and CI use of a Railway token. This is expected for a Railway deployment tool, but it grants delegated access to the user's Railway account or projects.
railway login --token <TOKEN>
...
RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}
Use the least-privileged Railway token available, keep it in a secret manager, and revoke it when no longer needed.
A mistaken command could modify a database, change application state, or expose environment variables in the connected Railway service.
The skill documents running arbitrary user-specified commands with Railway environment variables and SSH access into services. This is normal for cloud app operations, but it can execute impactful commands in production-like contexts.
railway run <command>
railway run python manage.py migrate
railway run prisma db push
railway ssh
Only run explicit, user-approved commands, especially for migrations, database operations, or SSH sessions.
The behavior ultimately depends on the installed Railway CLI version and its upstream package source.
The skill relies on the external Railway CLI distributed via Homebrew and, in the SKILL.md metadata, npm. This is purpose-aligned and no hidden helper code is present, but the installed CLI is outside the supplied artifact set.
"formula": "railway" ... "package": "@railway/cli"
Install the Railway CLI from official sources and keep it updated; review the CLI documentation before granting it account access.
