multi-agent-team

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant may guide or automate substantial project changes when invoked for full lifecycle work.

Why it was flagged

The skill documents local Python commands that can automate a full project lifecycle. This is consistent with the developer-assistant purpose, but it is high-impact if run in the wrong repository or without review.

Skill content

python3 scripts/trae_agent_dispatch.py --task "启动项目:安全浏览器广告拦截功能" --project-full-lifecycle

Recommendation

Run it only inside the intended repository, use version control, and require confirmation before file edits, commits, releases, or broad refactors.

What this means

Private project information could be summarized into local generated documents and reused in later work.

Why it was flagged

The skill can read project documentation and code to create reusable understanding documents. This is expected for the purpose, but generated context may contain private design, code, or accidental secrets.

Skill content

Project understanding: quickly read project documentation and code, and generate a project-understanding document

Recommendation

Use it on a scoped project path, exclude secret files, and review generated project-understanding documents before sharing them.

Note: High Confidence
ASI10: Rogue Agents

What this means

A long task may keep progressing across context limits, potentially making more changes than expected if boundaries are not set.

Why it was flagged

The skill describes automatic continuation and persistent progress recovery. This is disclosed and tied to long development tasks, but users should notice that work may continue without repeated manual prompting.

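Skill content

What the system does automatically: automatically saves progress; automatically restores context; automatically continues execution; automatically verifies results

Recommendation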

Ask the assistant to pause at defined checkpoints and require explicit approval before modifying, deleting, committing, or publishing files.

What this means

Users have less provenance information for scripts they may choose to run locally.

Why it was flagged

The registry metadata has limited provenance, while the manifest includes Python helper files and SKILL.md documents Python execution examples. No malicious behavior is shown, but the source context is incomplete.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Inspect the included Python files before use and prefer running them in a clean, version-controlled project workspace.