Back to skill
v1.0.0
Railil
BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:50 AM.
Analysis
This instruction-only skill coherently installs and uses the Railil CLI for train schedule searches, with no credentials, persistence, or unrelated authority shown.
GuidanceThis appears safe for its stated purpose. Before installing, make sure you are comfortable installing the `railil` npm package globally; the provided skill instructions otherwise only use it to look up train schedules.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Abnormal behavior control
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
npm install -g railil
The skill relies on installing a third-party npm package globally to provide the `railil` CLI binary. This is purpose-aligned and disclosed, but it means the user must trust that package.
User impactInstalling the skill may require adding a global npm CLI tool to the user's environment.
RecommendationInstall only if you trust the `railil` npm package and its linked project; keep the package updated through normal npm maintenance.