Raysurfer Code Caching
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Raysurfer code-cache integration, but it can pull in and run remote code and upload full generated files to an external persistent cache without clear per-action approval.
Install only if you are comfortable sending task descriptions and selected/generated code to Raysurfer. Before using it on private repositories, require the agent to ask before uploads, review cached snippets before they are run, avoid public snippets unless trusted, and scan generated files for secrets.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or flawed cached snippet could be written into the project and run with the user's local permissions.
The skill instructs the agent to write and execute code retrieved from an external cache, including optional public snippets, based mainly on cache scores and votes rather than explicit human review or sandboxing.
When a good cache hit is found: ... Extract the `source` field ... Write it to the appropriate file(s) ... Run the code to verify it works.
Require user approval before applying or running cached code, inspect retrieved snippets first, and run untrusted code only in a sandbox or disposable environment.
Private or proprietary code, and any secrets accidentally included in generated files, could be stored externally and later influence future code suggestions.
The workflow directs the agent to send full file contents to Raysurfer for persistent reuse, but the artifacts do not define privacy boundaries, retention, secret filtering, or per-upload consent.
After successfully generating and running new code ... upload it for future reuse ... `file_written`: {"path": "relative/path/to/file.py", "content": "<full file content>"}
Only upload non-sensitive code, add an explicit confirmation step before uploads, scan files for secrets, and clarify whether cached code is private, shared, or retained.
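The two recommendations above (an explicit per-action confirmation step, and a secret scan on anything that leaves the machine) can be enforced in front of the `file_written` payload rather than left to the agent's judgement. The following is an added example written for this review, not code from the skill or from Raysurfer: it scans the file content for a few common credential shapes, refuses the upload outright on a hit, refuses paths that are absolute or escape the project root, and only then asks a caller-supplied approval callback. The pattern set, the `gate_upload` name and signature, and the two sample files are constructed for the example; the audited artifacts define no secret filter of their own.

```python
"""Pre-upload gate for a Raysurfer-style `file_written` payload.

Added example for the ClawScan review; not the skill's own code. The
patterns below are a constructed starting set, not an exhaustive filter.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Callable

# Constructed rule set (assumption: illustrative, not the skill's filter).
SECRET_PATTERNS: dict[str, re.Pattern[str]] = {
    # AWS access key IDs have a fixed prefix and length.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM private key headers, with or without an algorithm label.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # A literal string of 8+ chars assigned to something named like a credential.
    "generic_credential_assignment": re.compile(
        r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
    # A bearer token written directly into an Authorization header value.
    "bearer_header": re.compile(
        r"(?i)authorization\s*[:=]\s*['\"]?bearer\s+[A-Za-z0-9._\-]{16,}"
    ),
}


@dataclass(frozen=True)
class ScanHit:
    rule: str
    line_no: int
    excerpt: str  # redacted so the report itself does not re-expose the value


def redact(match_text: str, keep: int = 8) -> str:
    """Keep a short prefix so the user can locate the hit, mask the rest."""
    return match_text[:keep] + "****"


def scan_for_secrets(content: str) -> list[ScanHit]:
    """Return one hit per (rule, line) where a credential-shaped token appears."""
    hits: list[ScanHit] = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if m:
                hits.append(ScanHit(rule, line_no, redact(m.group(0))))
    return hits


def gate_upload(
    payload: dict, approve: Callable[[str, str], bool]
) -> tuple[bool, str]:
    """Decide whether a `file_written` payload may be sent to the cache.

    Order matters: the secret scan runs before the user is asked, so a
    "yes" can never override a detected credential.
    """
    path = str(payload.get("path", ""))
    content = str(payload.get("content", ""))
    if not path or path.startswith(("/", "\\")) or ".." in PurePosixPath(path).parts:
        return False, f"refusing non-relative or traversing path: {path!r}"
    hits = scan_for_secrets(content)
    if hits:
        detail = "; ".join(f"{h.rule} at line {h.line_no} ({h.excerpt})" for h in hits)
        return False, f"secret scan blocked upload of {path!r}: {detail}"
    if not approve(path, content):
        return False, f"user declined upload of {path!r}"
    return True, f"upload of {path!r} approved by user"


# Constructed sample files for demonstration.
CLEAN_FILE = '''import os

API_KEY = os.environ["RAYSURFER_API_KEY"]  # read from the environment, never literal

def headers():
    return {"Authorization": f"Bearer {API_KEY}"}
'''

LEAKY_FILE = '''import os
import requests

RAYSURFER_API_KEY = "rs_live_0123456789abcdef"  # pasted while debugging
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"

def fetch():
    return requests.get("https://example.invalid", headers={"Authorization": f"Bearer {RAYSURFER_API_KEY}"})
'''


if __name__ == "__main__":
    def ask(path: str, content: str) -> bool:
        print(f"--- about to upload {path} ({len(content.splitlines())} lines) ---")
        return input("Send this file to the cache? [y/N] ").strip().lower() == "y"

    for name, body in (("src/clean.py", CLEAN_FILE), ("src/leaky.py", LEAKY_FILE)):
        print(gate_upload({"path": name, "content": body}, ask))
```

The callback is where a real agent would surface the file (or a diff) to the user; passing a lambda that always returns `True` turns the gate back into the unreviewed behaviour the finding describes, which is why the scan runs first and is not bypassable from the callback.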
The API key grants access to the user's Raysurfer account and should be treated as a credential.
The skill requires a provider API token and sends it as the Authorization header to Raysurfer. This is expected for the service, and the artifacts do not show hardcoding, logging, or use of unrelated credentials.
**Auth**: Bearer token via the `RAYSURFER_API_KEY` environment variable
Set the key only in environments where Raysurfer should be used, avoid committing it to files, and rotate it if it may have been exposed.
