Meow Finder
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: meow-finder Version: 1.0.0 The skill bundle implements a simple, offline CLI tool to search for AI tools from a local JSON dataset. The `bin/meow-finder.js` script reads `data/tools.json` and filters results based on command-line arguments. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts in `SKILL.md` or `README.md`. Although `package.json` lists `node-fetch` as a dependency, the provided JavaScript code does not actually use it or perform any network requests, making the skill's operation entirely local and benign.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A global npm install may pull in additional third-party code even though the CLI itself appears to be a local catalog searcher.
The visible CLI only requires the local data/tools.json file, so these caret-ranged third-party packages, including an unused network library, add supply-chain surface beyond what the reviewed code needs.
"dependencies": { "commander": "^12.0.0", "node-fetch": "^3.3.0", "chalk": "^5.3.0" }Install only if you trust the package source; consider reviewing the repository, pinning dependencies, or removing unused dependencies before global installation.