v1.1.0

CFGPU API Skill

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:31 AM.

Analysis

This skill matches its stated GPU-cloud purpose, but it handles a powerful cloud API token and includes unsafe shell construction that could execute local commands if given crafted inputs.

Guidance

Review this skill carefully before installing. If you use it, use a limited CFGPU token if available, do not let the agent run create/release/change-image commands without explicit approval, and consider fixing or avoiding the eval-based helper script until it safely quotes curl arguments.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High | Confidence: High | Status: Concern
scripts/cfgpu-helper.sh
local curl_cmd="curl -s -H 'Authorization: $CFGPU_API_TOKEN'" ... curl_cmd="$curl_cmd -H 'Content-Type: application/json' -d '$data'" ... eval "$curl_cmd '$CFGPU_API_BASE$endpoint'"

The script builds a shell command string from API data and endpoints, then runs it with eval. Several values used in that string come from command arguments or interactive input, so crafted quotes or shell metacharacters could turn an intended API call into local command execution.

User impact: A malformed instance name, image ID, instance ID, or other argument could potentially run unintended shell commands on the user's machine when the helper script is used.
Recommendation: Replace eval with a safely quoted curl argument array, validate IDs and names, and avoid embedding JSON or URLs into shell command strings.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/cfgpu-helper.sh
release_instance() { ... echo "Releasing instance $instance_id..." ... api_request "POST" "/userapi/v1/instance/$instance_id/release" | jq '.' }

The direct release path performs a destructive cloud operation without an in-script confirmation prompt, unlike the interactive create wizard.

User impact: If the agent or user runs the direct release command on the wrong instance ID, the instance could be removed without a final safeguard.
Recommendation: Add confirmation prompts or a --yes flag for release, change-image, and other high-impact operations, and require explicit user approval before the agent invokes them.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
package.json
"repository": { "type": "git", "url": "https://github.com/yourusername/cfgpu-api-skill.git" }

The package metadata uses a placeholder repository URL, and the registry lists the source as unknown, so provenance is not well established even though the included code is available for review.

User impact: Users have less external provenance information for verifying who maintains the scripts or where updates come from.
Recommendation: Publish a real repository/homepage and keep registry metadata aligned with the reviewed source.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/cfgpu-helper.sh
CFGPU_API_TOKEN="${CFGPU_API_TOKEN:-}" ... CFGPU_API_TOKEN_FILE="${CFGPU_API_TOKEN_FILE:-$HOME/.cfgpu/token}" ... POST /userapi/v1/instance/create ... /start ... /stop ... /release ... /changeImage

The helper uses a CFGPU account token to perform full lifecycle cloud-instance operations, including creating resources that may incur costs and releasing or changing existing instances.

User impact: Installing and using the skill gives the agent a path to mutate CFGPU cloud resources and potentially affect billing or delete/reconfigure instances.
Recommendation: Use a least-privilege token if CFGPU supports one, review every create/release/change-image action before running it, and consider adding explicit confirmations for destructive or cost-incurring direct commands.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/setup-env.sh
echo "$api_token" > ~/.cfgpu/token ... chmod 600 ~/.cfgpu/token ... echo "export CFGPU_API_TOKEN=\"$api_token\"" >> "$SHELL_RC"

The setup script stores the API token persistently in a home-directory token file and may also write the plaintext token into .bashrc or .zshrc.

User impact: The CFGPU token may remain on disk and in shell startup files after setup, which increases exposure if those files are backed up, shared, or later read by other tools.
Recommendation: Prefer session-only environment variables or a dedicated secrets manager; if a token file is used, document cleanup steps and avoid writing the token into shell startup files by default.