Code Cache
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent, but it retrieves remote cached code for execution and writes API-provided filenames to disk without safely constraining the output path.
Review before installing. If you use it, only upload code you are comfortable sending to Raysurfer, inspect and sandbox any retrieved code before running it, choose a safe cache directory, and prefer a fixed trusted raysurfer package version. The file path validation issue should be fixed before using this skill in sensitive workspaces.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad remote cache response could place or overwrite files outside the intended cache folder, potentially affecting local projects or startup/config files.
The filename comes from the Raysurfer API response and is written without validation; absolute paths or '../' segments could escape the requested cache directory and overwrite files the user can write.
file_path = cache_path / f.filename
file_path.write_text(f.source)
Sanitize returned filenames, reject absolute paths and path traversal, resolve the final path and verify it stays inside the cache directory, and ask before overwriting existing files.
The agent may run cached code that is unsafe, stale, malicious, or inappropriate for the current environment.
The skill's stated workflow encourages running code retrieved from an external cache, but the artifacts do not show a mandatory review, integrity check, sandbox boundary, or user approval step before execution.
the agent can retrieve and run the cached code instead of regenerating it
Treat all retrieved code as untrusted, review it before execution, run it only in a sandbox, and require explicit user approval before executing downloaded cached code.
Instructions or comments embedded in cached code or provider-supplied prompt text could steer the agent if treated as authoritative.
The skill outputs provider-supplied text intended to be added to the LLM prompt, so cached content can influence later agent context if reused without a trust boundary.
print(f"\n--- Add to LLM prompt ---\n{result.add_to_llm_prompt}")
Clearly label retrieved prompt additions as untrusted context, strip or isolate instructions inside cached code, and avoid letting cached content override the user's current goal.
Anyone with this key may be able to use the associated Raysurfer account or cache resources.
The skill requires a Raysurfer API key to access the external caching service; this is expected for the integration and no credential leakage is shown.
requires":{"env":["RAYSURFER_API_KEY"]},"primaryEnv":"RAYSURFER_API_KEY"
Use a least-privilege API key if available, keep it out of shared files and logs, and rotate it if it may have been exposed.
The behavior of the installed dependency is outside this artifact review and may change depending on the package version installed.
The reviewed source depends on the external raysurfer package, but no pinned install specification or vendored dependency code is included in the artifacts.
from raysurfer import RaySurfer
Install the dependency from a trusted source, pin a known-good version, and review the package if this skill will handle sensitive code.
