traefik
https://clawhub.ai/api/v1/skills/traefik-mantrae-diagnostics/file?path=SKILL.md&version=0.1.0
github.com/clawhub.ai/traefik-mantrae-diagnostics
Scanned Thu, 28 May 2026 16:08:44 GMT
Scan ID crawl-p6pzfj72nopn0on9i1insn7n · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution

4 high-severity findings.

This skill reads protected filesystem locations plus 4 other issues listed below.

0 critical4 high1 medium7 rules passed

Why grade C?

score · 55 / 100

The current grade reflects 4 high-severity findings (3+ HIGHs → C).

0 CRIT4 HIGH1 MED0 LOW
To reach a higher grade
  • B
    Reach Btarget score 75

    Resolve 2 of 4 HIGH (cap is 2).

  • A
    Reach Atarget score 95

    Resolve all 4 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

high
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreachline: 102CWE-552
100
101```bash
102ssh -i ~/.ssh/traefik_readonly user@traefik-host 'systemctl status traefik --no-pager'sensitive path — credential-exfiltration vector
103ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "2 hours ago" --no-pager'
104ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep -E "\" 5[0-9][0-9] "'
high
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreachline: 103CWE-552
101```bash
102ssh -i ~/.ssh/traefik_readonly user@traefik-host 'systemctl status traefik --no-pager'
103ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "2 hours ago" --no-pager'sensitive path — credential-exfiltration vector
104ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep -E "\" 5[0-9][0-9] "'
105ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep "router-name@http"'
high
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreachline: 104CWE-552
102ssh -i ~/.ssh/traefik_readonly user@traefik-host 'systemctl status traefik --no-pager'
103ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "2 hours ago" --no-pager'
104ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep -E "\" 5[0-9][0-9] "'sensitive path — credential-exfiltration vector
105ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep "router-name@http"'
106```
high
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreachline: 105CWE-552
103ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "2 hours ago" --no-pager'
104ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep -E "\" 5[0-9][0-9] "'
105ssh -i ~/.ssh/traefik_readonly user@traefik-host 'journalctl -u traefik --since "1 hour ago" --no-pager | grep "router-name@http"'sensitive path — credential-exfiltration vector
106```
107
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
Scan another →Share
skillox.io/r/crawl-p6pzfj72nopn0on9i1insn7n