Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Radon AI
v1.0.0 · Use Radon IDE's AI tools for React Native development - query library docs, view logs and network traffic, take screenshots, inspect component trees, and int...
⭐ 0 · 662 · 1 current · 1 all-time
by Ignacy Łątka (@latekvo)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw · Suspicious · medium confidence
Purpose & Capability
The skill claims to be an MCP server exposing rich runtime tools for Radon IDE (logs, network bodies, screenshots, component tree, reloads). The SKILL.md lists prerequisites (Radon extension, license) but provides no host/URL, port, protocol, RPC schema, or client binding for contacting any MCP server. That gap makes the advertised capabilities incoherent with the provided artifacts — either the skill is incomplete (no connector) or it expects implicit local infrastructure that is not specified. Additionally, the described capabilities inherently grant access to potentially sensitive app data (network bodies, headers, screenshots) which should be explicitly justified and scoped.
Instruction Scope
The runtime instructions direct use of tools that read and return build/runtime logs, full network request details (headers and bodies), and screenshots. These actions can expose secrets (API tokens, PII) from the developer environment or the app under test. The SKILL.md does not specify safeguards, consent flows, filtering, or limits on what data will be returned, nor does it describe how tool calls are made or authorized. It is vague about when and how the agent should call these tools, which grants broad discretion and could lead to over-collection of sensitive data.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written by the platform installer. That lowers supply-chain risk compared with skills that fetch binaries or archives.
Credentials
The skill declares no required environment variables or credentials, which is consistent with being an instruction-only descriptor. However, the described tools would access highly sensitive runtime artifacts (network request bodies, headers, logs, screenshots) if the underlying Radon IDE/MCP server is available. Because the SKILL.md neither requires nor describes any authorization token or consent mechanism, it is unclear how access to those artifacts is controlled; this mismatch should be clarified before trusting the skill.
Persistence & Privilege
The skill does not request always:true and does not include install-time persistence mechanisms. Autonomous invocation is allowed by default (disable-model-invocation: false), which is platform normal; there is no indication the skill modifies other skills or system-wide settings.
What to consider before installing
This skill claims powerful debugging access (logs, network bodies, screenshots, app control) but the instructions never say how the agent will connect to Radon's MCP server, what endpoint or auth to use, or what safeguards exist. Before installing or letting the agent use it:
(1) Ask the author for the connector details (host/port, API schema, and auth mechanism) and only allow local-only endpoints (e.g., localhost) with explicit consent.
(2) Confirm the Radon IDE extension source and license and that it restricts access to test/dev apps (not production data).
(3) Request explicit data-handling rules (filtering of secrets, opt-in consent for network bodies/screenshots).
(4) Test the skill in an isolated/sandbox environment with no sensitive backends or real credentials.
If the author cannot supply concrete connection/auth information and data-protection controls, treat the skill as non-functional or potentially risky and avoid giving it access to sensitive projects.
Like a lobster shell, security has layers — review code before you run it.
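Added example, not code from this skill, from Radon IDE, or from ClawHub: a minimal gate that an agent host could place in front of a connector like the one this skill implies, enforcing points (1) and (3) above. The MCP endpoint must be a loopback address before any tool call is forwarded, credential-bearing headers are masked, and request bodies are returned only on explicit opt-in and only after secret-looking fields are redacted. The request shape, the header and key lists, and the endpoint URLs are assumptions for illustration; the page does not document Radon IDE's actual MCP API.

```python
"""Loopback-only endpoint check plus redaction of captured network traffic
before it is handed to an agent. Added example; the request layout, header
names and URLs below are assumptions, not Radon IDE's real API."""
import ipaddress
import re
from urllib.parse import urlparse

# Header names treated as credentials (assumed list; extend for your stack).
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key",
}

# JSON-style fields whose values should never reach the model, e.g. "password": "..."
SECRET_KEY_RE = re.compile(
    r'("(?:api[_-]?key|access[_-]?token|token|secret|password)"\s*:\s*")([^"]*)(")',
    re.IGNORECASE,
)
# Bearer tokens embedded in free text.
BEARER_RE = re.compile(r"(?i)(bearer\s+)[A-Za-z0-9\-._~+/]+=*")


def is_local_endpoint(url: str) -> bool:
    """Accept only http(s) URLs whose host is 'localhost' or a loopback IP literal.
    Other hostnames are rejected so a hosts-file entry or DNS answer cannot
    point the connector at a remote machine."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(parts.hostname).is_loopback
    except ValueError:  # a DNS name, not an address literal
        return False


def redact_headers(headers: dict) -> dict:
    """Mask credential-bearing headers; keep the rest for debugging value."""
    return {
        name: ("[REDACTED]" if name.lower() in SENSITIVE_HEADERS else value)
        for name, value in headers.items()
    }


def redact_body(body: str) -> str:
    """Mask values of secret-looking JSON keys and any bearer tokens in a body."""
    body = SECRET_KEY_RE.sub(lambda m: m.group(1) + "[REDACTED]" + m.group(3), body)
    return BEARER_RE.sub(lambda m: m.group(1) + "[REDACTED]", body)


def redact_request(req: dict, include_body: bool = False) -> dict:
    """Return a copy of a captured request that is safe to show the agent.
    Bodies are opt-in because the scan notes the skill defines no consent step."""
    body = req.get("body", "")
    safe = {
        "method": req["method"],
        "url": req["url"],
        "headers": redact_headers(req.get("headers", {})),
    }
    if include_body:
        safe["body"] = redact_body(body)
    else:
        safe["body"] = f"[omitted: {len(body)} bytes; re-request with include_body=True]"
    return safe


def gate(endpoint: str, req: dict, include_body: bool = False) -> dict:
    """Refuse non-local connectors outright; otherwise return the redacted request."""
    if not is_local_endpoint(endpoint):
        raise PermissionError(f"refusing non-local MCP endpoint: {endpoint}")
    return redact_request(req, include_body)


# Constructed sample of what a "full network request details" tool might return.
SAMPLE_REQUEST = {
    "method": "POST",
    "url": "https://api.example.test/v1/login",
    "headers": {
        "Authorization": "Bearer eyJhbGciOi.fake.token",
        "Content-Type": "application/json",
        "Cookie": "session=abc123",
    },
    "body": '{"username": "dev", "password": "hunter2", "api_key": "sk_test_12345"}',
}

if __name__ == "__main__":
    print(gate("http://127.0.0.1:8080/mcp", SAMPLE_REQUEST, include_body=True))
```

The regexes are deliberately narrow; they catch the common JSON credential fields and bearer tokens but not every secret format, so treat them as a floor, and keep the default of withholding bodies unless the user opts in per request.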
