Security
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent and purpose-aligned, but it sends the instruction being checked to a disclosed external safety backend and relies on the caller to enforce the result.
This skill appears safe to install for its stated purpose if you are comfortable sending operation descriptions and targets to the configured Modeio safety backend. Keep SAFETY_API_URL trusted, avoid placing secrets in safety-check inputs, and ensure your agent fails closed if the check errors or returns a blocking decision.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Operation details such as file paths, database targets, service names, or sensitive instructions may be sent to the configured safety backend.
The CLI posts the instruction, optional context, and target to an external backend; the endpoint can also be changed through an environment variable.
```python
URL = os.environ.get("SAFETY_API_URL", "https://safety-cf.modeio.ai/api/cf/safety")
...
resp = requests.post(url, json=json_payload, timeout=timeout)
```
Use only with a trusted backend endpoint, avoid including secrets in the instruction/context/target, and check SAFETY_API_URL if the environment may be shared or modified.
If the caller ignores the returned policy or treats failures as approval, the safety check will not protect later tool actions.
The safety tool provides a decision but does not itself block or approve subsequent side-effecting actions; enforcement depends on the calling agent.
The CLI forwards the request and returns the backend result; it does not locally enforce caller policy.
Configure the calling workflow to fail closed on errors and require the confirmations described in the skill's policy table for medium, high, or critical risks.
The live check may fail if requests is unavailable, or users may need to manage the dependency from their own trusted Python environment.
The skill discloses a Python package dependency, while the provided install information has no install spec or package pinning; this is an operational dependency note rather than hidden behavior.
- Required package for successful live checks: `requests`
Install dependencies from a trusted, pinned environment where possible; maintainers could add an explicit install spec or dependency declaration.
