ClawHub
Back to skill
v1.0.0

redis-tools

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:37 AM.

Analysis

The skill appears to be a straightforward Redis reference and monitoring helper, but it may use Redis passwords/server access and includes dangerous Redis commands in its reference output.

GuidanceInstall if you want a Redis cheatsheet plus user-invoked Redis connection tests and monitoring. Avoid giving it production Redis credentials unless necessary, use least-privilege access, and do not run destructive Redis commands from the cheatsheet unless you deliberately intend their effects.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/script.sh
FLUSHDB [ASYNC|SYNC]
  Delete all keys in the current database.
  ⚠️  Irreversible!

FLUSHALL [ASYNC|SYNC]
  Delete all keys in all databases.
  ⚠️  Irreversible!

The Redis cheatsheet documents destructive administrative commands. The visible artifact presents them as reference text with warnings, not as commands the script runs automatically.

User impactA user or agent copying these reference commands into Redis could delete data if not careful.
RecommendationTreat destructive Redis commands as documentation only unless you explicitly intend to run them; double-check production targets before using commands such as FLUSHDB or FLUSHALL.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
metadata
Source: unknown
Homepage: none

The registry metadata does not provide an upstream source or homepage. The skill's behavior is still coherent, but provenance is limited.

User impactUsers have less external provenance information for confirming who authored or maintains the skill.
RecommendationReview the included script before use and install redis-cli only from trusted package managers or official Redis distribution channels.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
bash script.sh test [host] [port] [password]
bash script.sh monitor [host] [port] [password]

The skill can be given a Redis password and used to query a Redis server. This is expected for connection testing and monitoring, but it is still account/database access.

User impactIf used with real Redis credentials, the agent may access Redis server information and keyspace statistics for that instance.
RecommendationUse only Redis credentials and hosts you intend the agent to access; prefer least-privilege or non-production credentials where possible.