trae-agent
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: ah-trae-agent Version: 1.0.0 The skill bundle describes a repository-level coding agent with high-risk capabilities, including multi-file editing and the execution of shell commands for code validation (e.g., `npm test`, `npx tsc`) as seen in `references/examples.md`. While these functions are aligned with the stated purpose of a development assistant in `SKILL.md`, the inherent ability to execute arbitrary commands and modify the filesystem represents a significant risk profile. No clear evidence of intentional malicious behavior or data exfiltration was identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on the wrong repository or with an overly broad request, the agent could make unwanted code changes or remove files.
The skill is explicitly designed to modify and potentially delete repository files. This is expected for a repository code agent, but it is still mutation authority that should be user-directed and reviewed.
Multi-file editing | Edit multiple files in one operation ... 4. **Delete** - Remove code safely
Use version control, review diffs before accepting changes, and ask the agent to confirm before broad refactors or deletions.
Running tests or lint scripts in an untrusted repository could execute code from that repository on the user's machine.
The example validation flow runs project commands. That is normal for software validation, but npm scripts can execute arbitrary local project code.
command: 'npm run lint' ... command: 'npm test'
Run validation in a sandbox or container when working with untrusted code, and review package scripts before execution.
Sensitive files accidentally included in the repository could be indexed and reused in later context for the task.
The example describes repository indexing with embeddings and stored code metadata. This is aligned with repository search, but it may capture private code or secrets if the repository is not scoped or cleaned.
const embeddings = await this.indexer.generateEmbeddings(file, symbols); ... await this.indexer.store(file, { ast, symbols, embeddings });Exclude secrets, build artifacts, and private data from the repository index, and clear any generated index when finished if retention is not desired.
Users have less external context for who maintains the skill or where its instructions came from.
The skill has limited provenance information, although it does not include executable install code or dependencies.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Treat it as an unverified instruction-only skill and review its behavior in a small repository before relying on it for important code changes.