Edithai
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad query could cause the CLI to inspect more files or system information than intended.
The skill explicitly documents local file operations and terminal diagnostic command execution. These are coherent for log analysis, but they are sensitive capabilities that should be scoped by the user.
- **File Operations**: Read, write, and search files
- **Terminal Commands**: Safe execution of diagnostic commands
Run it from a limited working directory, specify exact log paths, and configure command whitelists/blacklists before use.
The installed npm package will implement the actual file, command, and API behavior, so trust depends on that external package.
The runnable CLI is installed from an external npm package, while the submitted artifacts contain no code files to review. This is a normal instruction-only integration pattern, but users should verify the package source and publisher.
Install EdithAI CLI: `npm install -g @xin9min9/edithai-cli`
Check the npm package, publisher, version, and repository before installing globally.
The CLI can use your DeepSeek account quota and may process data through that account.
The skill requires a DeepSeek API key. This credential is expected for the stated DeepSeek-powered analysis purpose, and the artifacts do not show hardcoding or leakage.
requires:
  env:
    - DEEPSEEK_API_KEY
Use a dedicated API key with appropriate quota limits and rotate it if you no longer use the skill.
Selected log contents or summaries may be sent to DeepSeek for processing.
The skill discloses use of an external AI provider for log analysis. This is purpose-aligned, but logs may contain secrets, personal data, or business-sensitive information.
It leverages the DeepSeek API to provide intelligent insights into log data
Review logs for sensitive data, use provider-approved data handling practices, and avoid sending secrets or regulated data unless permitted.
Sensitive analysis context may remain on disk after a session ends.
The tool stores conversation history locally. This is disclosed, but history may include sensitive queries, filenames, or log-derived context.
History file: `~/.edithai/history.json`
Periodically review or delete ~/.edithai/history.json, especially after analyzing sensitive logs.
