Back to skill
Skillv1.0.3
ClawScan security
redc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 11, 2026, 8:44 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to be what it claims (a Terraform-based multi-cloud red-team deployment helper) but its metadata under-declares required credentials and the runtime instructions admit templates can execute arbitrary local/remote code — this combination warrants caution.
- Guidance
- This tool is a legitimate Terraform-based multi-cloud deployment helper, but exercise caution before using it. Key actions to take before installing or running: 1) Only install the redc binary from the official GitHub releases and verify checksums as instructed. 2) Do not set multiple cloud provider credentials at once; set only the single provider credentials you intend to use and prefer short-lived, scoped credentials or roles. 3) Always inspect templates (main.tf, provisioners, user_data, local-exec) and run terraform plan — templates can run arbitrary commands locally or on instances. 4) Run redc in an isolated environment or throwaway cloud accounts when testing. 5) Be aware metadata under-declares provider env vars (only Alibaba is listed) — the skill can legitimately use many other provider credentials, so double-check which secrets you supply. If you are not comfortable manually auditing Terraform templates or limiting credentials, avoid using this skill or restrict it to a disposable VM/account.
Review Dimensions
- Purpose & Capability
- noteName/description, required binaries (redc, terraform), and the SKILL.md all describe a Terraform-backed multi-cloud deployment tool — those requirements are proportionate to the stated purpose. However, the metadata only lists Alibaba Cloud env vars while the SKILL.md documents many provider-specific env vars (AWS, Azure, Tencent, Volcengine, Huawei, etc.), so the declared required env vars are incomplete compared with the runtime behavior.
- Instruction Scope
- concernSKILL.md instructs the agent/user to run the redc CLI and Terraform and explicitly warns that templates may include 'remote-exec', 'local-exec', and user_data/cloud-init that can run arbitrary code on created instances or the local machine. While the document advises inspecting templates and running terraform plan first, the runtime behavior of applying templates can execute arbitrary commands and potentially access local files or environment variables — this is within the tool's normal purpose but is high-risk and requires manual vetting before use.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files present; it relies on existing binaries (redc and terraform). This is the lowest-risk install mechanism from the platform perspective.
- Credentials
- concernThe skill will read sensitive credentials from environment variables or a local config.yaml. Metadata lists only ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY, but SKILL.md shows many other provider secrets may be used (AWS, Azure, Tencent, etc.). Under-declaring these in metadata is an incoherence: the skill can legitimately need many different provider credentials depending on which provider is used, but the platform metadata does not reflect that. Any required env vars are high-sensitivity (ACCESS_KEY/SECRET) and should be scoped, short-lived, and set only for the single provider in use.
- Persistence & Privilege
- okThe skill is not configured as always:true and does not request persistent platform-level privileges. Model invocation is allowed (the default), which is expected for skills. The SKILL.md refers to a local config.yaml managed by redc, which is normal for a CLI tool and does not indicate cross-skill or system-wide privilege escalation.