ClawHub

Meow Finder

v1.0.0

CLI tool to discover AI tools. Search 40+ curated tools by category, pricing, and use case.

2· 2.5k·12 current·12 all-time
by@abgohel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (discover AI tools) align with the included files: a small CLI (bin/meow-finder.js) and a data/tools.json list. However, package.json lists dependencies (node-fetch, commander, chalk) that the shipped CLI does not use; this is a packaging inconsistency but not evidence of malicious intent.
Instruction Scope
SKILL.md contains only usage and installation docs for an offline CLI and points to the included data file. The runtime instructions do not ask the agent to read unrelated system files, access credentials, or transmit data to external endpoints.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md tells users to npm install or git clone. Installing from npm/git would fetch code from the registry or GitHub; the packaged files here contain no downloads or extract steps. Minor concern: package.json declares network-capable dependency (node-fetch) even though the shipped CLI doesn't use it—this means an npm install would still pull additional packages from the registry.
Credentials
The skill requires no environment variables, no credentials, and references only its local data file. There is no disproportionate credential or config access.
Persistence & Privilege
always is false and the skill does not request persistent system modifications. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to be an offline CLI that searches a bundled JSON of AI tools and is internally coherent. Before installing: (1) if you plan to run npm install -g meow-finder, verify the package source (registry/GitHub) because npm will fetch dependencies listed in package.json; (2) note package.json lists node-fetch/commander/chalk though the provided bin script doesn't use them — a minor packaging inconsistency but not necessarily malicious; (3) review the repository (https://github.com/abgohel/meow-finder) and package.json for any unexpected lifecycle scripts before installing globally. If you only want to use the data, you can inspect data/tools.json locally without running external installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk9787fzgbajwr2n9byqrrtt1hh805f2m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

😼 Clawdis

Comments