Deutsche Bahn CLI

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent train-search helper, but users should verify the local bahn-cli project before running its npm install or Node commands.

Before installing or using this skill, make sure the ~/Code/bahn-cli project is the train-search CLI you intend to use and that you trust its source. The supplied skill instructions themselves are scoped to train-search queries and do not request credentials or sensitive access.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running npm install in an untrusted local project can execute dependency or package setup code on the user's machine.

Why it was flagged

The skill relies on installing dependencies for a local project that is not included in the artifact set. This is a common CLI setup pattern, but users should trust the local bahn-cli source before running npm install.

Skill content

cd ~/Code/bahn-cli && npm install

Recommendation

Confirm that ~/Code/bahn-cli comes from a trusted source and review its package files before installing dependencies.

What this means

The assistant may run the local bahn-cli program to look up train routes.

Why it was flagged

The skill's operation depends on executing a local Node.js CLI. This is central to the stated purpose and is limited in the instructions to train-connection searches.

Skill content

cd ~/Code/bahn-cli && node index.js search "<from>" "<to>" [options]

Recommendation

Use this skill only if the local bahn-cli program is expected and trusted; keep searches limited to the documented route/date/time options.