Insforge Cli
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running project creation may add new agent instructions to the workspace that future agents could follow.
A project-creation command can fetch and install additional agent skill instructions from outside the reviewed artifact set, changing future agent behavior without a documented version pin, opt-out, or rollback.
Installs InsForge Agent Skills via `npx skills add insforge/agent-skills` ... Agent skills are auto-installed into `.agents/skills/insforge/`.
Require explicit user approval before this step, pin or verify the source/version, inspect `.agents/skills/insforge/` after creation, and provide a documented removal or opt-out path.
Installing the CLI changes the local environment and trusts the npm package to handle credentials and backend operations correctly.
The skill delegates runtime behavior to a globally installed npm CLI that is not included in the reviewed files. This is purpose-aligned, but it is an external unpinned install path.
if the command is not found, install it: `npm install -g @insforge/cli`
Install only from the expected publisher, consider pinning a version, and review the CLI package before using it on sensitive projects.
A mistaken command could alter schemas, delete storage data, or bypass normal confirmations.
The skill exposes broad backend mutation and deletion commands, including an option to bypass prompts. These are central to the stated admin purpose but can be damaging if used on the wrong project or without review.
`insforge db query <sql>` — execute raw SQL ... `insforge storage delete-bucket <name>` — delete bucket and **all its objects** (destructive); `-y, --yes` — Skip confirmation prompts
Confirm the linked project with `insforge current`, review SQL and destructive commands before execution, and avoid `--yes` unless the user explicitly requests non-interactive operation.
Anyone or any agent using the local CLI session may be able to manage InsForge resources as the logged-in user.
The CLI uses persistent InsForge account tokens. This is expected for platform administration, but it means commands run with the user’s delegated account privileges.
Tokens are saved to `~/.insforge/credentials.json` with restricted file permissions (0600). Includes: `access_token` and `refresh_token` ... Tokens refresh automatically on 401 responses.
Use least-privileged accounts where possible, protect `~/.insforge/credentials.json`, log out when finished, and avoid placing passwords or tokens in shell history.
A schedule could keep invoking URLs or backend tasks until it is disabled or deleted.
The skill can create persistent scheduled backend actions. This is purpose-aligned for cron management, but scheduled jobs can continue running after the immediate user request ends.
`insforge schedules create --name --cron --url --method [--headers <json>] [--body <json>]` — create a cron job
Confirm the cron expression, destination URL, headers/body, and deletion plan before creating or updating schedules.
