v0.1.0

Railway

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This appears to be a legitimate Railway CLI helper, but it deserves review because it can deploy, modify, or delete cloud resources and use Railway account credentials.

GuidanceInstall this only if you want the agent to help manage Railway projects. Before use, decide which Railway project and environment it may touch, use the least-privileged token or account available, and require explicit confirmation before production deploys, deletes, database migrations, SSH sessions, or environment-variable changes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

railway up --environment production ... railway service delete <SERVICE_NAME> ... railway environment delete <ENV_NAME> ... railway volume delete <VOLUME_ID>

These commands can deploy to production and delete Railway services, environments, and volumes. That is aligned with the skill purpose, but it is high-impact account mutation without explicit confirmation or scope limits in the instructions.

User impactAn agent using this skill could make production changes or delete cloud resources if directed or if it misinterprets a task.

RecommendationUse only with explicit project and environment instructions, and require confirmation before production deploys, deletes, database migrations, or other irreversible changes.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusNote

SKILL.md

railway run <command> ... railway run python manage.py migrate ... railway run prisma db push ... railway ssh

The skill documents running commands with Railway environment variables and opening SSH sessions. This is relevant to deployment operations, but it can execute commands that affect application state or production databases.

User impactCommands such as migrations, database pushes, or shell access could change live application data or infrastructure.

RecommendationConfirm the exact command, Railway project, service, and environment before allowing run or SSH workflows, especially for production databases.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

"kind": "npm", "package": "@railway/cli"

The skill offers a package-manager install path for the Railway CLI. This is expected for a CLI-based skill, but it relies on the external package source and is not pinned in the artifact.

User impactInstalling the CLI from an unexpected or compromised package source could affect the local environment used for deployments.

RecommendationInstall the Railway CLI from the official Railway documentation or trusted package manager, and keep it updated.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

railway login --token <TOKEN> ... RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}

The skill expects Railway account authentication via login or token. This is normal for Railway management, but the token may grant significant cloud-account authority.

User impactA Railway token or logged-in CLI session could allow the agent to view or change projects, deployments, variables, services, and databases within that account's permissions.

RecommendationUse least-privilege Railway tokens where possible, avoid pasting broad tokens into chat, and log out or rotate credentials if they are no longer needed.