ClawHub

Alon Search Skill Plus

v0.1.4

Search agent skills across trusted directories, ClawHub, and GitHub adaptation candidates with explicit ranking and safety filters.

0· 56·0 current·0 all-time
byalon@alondotsh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the SKILL.md contents: the skill is explicitly a multi-source skill discovery tool (trusted directories, ClawHub, GitHub). No unrelated credentials, binaries, or system-level accesses are requested.
Instruction Scope
Runtime instructions limit searches to a small set of listed sources and prescribe controlled keyword expansion and safety filters. This necessarily involves fetching metadata and repo files (e.g., SKILL.md, plugin.json, READMEs) from third-party sites — expected for this purpose but worth attention because the agent will access external repos and present adaptation candidates.
Install Mechanism
There is no install spec and no code files in the skill bundle (instruction-only), so nothing is written to disk by the skill itself. README suggests an external 'npx skills add ...' installation pattern — that is advisory and not part of this skill package, but users should review any code pulled by npx before running it.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its functionality (public repo and directory searches) does not justify additional secrets. Note: using authenticated GitHub APIs is not declared, so the agent would rely on unauthenticated access or platform-provided credentials (if any).
Persistence & Privilege
The skill is not forced-always (always:false) and is user-invocable. It does not request persistent system-wide changes or access to other skills' configs in the provided instructions.
Assessment
This skill is coherent and appears to do what it says: search curated skill directories and GitHub with guarded keyword expansion and safety notes. Before installing or acting on recommendations: (1) remember the skill will fetch metadata and files from third-party repos—review any low-trust or ClawHub-sourced skill code before installing; (2) the README suggests installing via npx which would download code from npm — do not run npx/npm installs unless you inspect the package/source first; (3) if you expect higher-volume GitHub queries consider whether authenticated API access (not declared) would be needed and whether you want to provide such credentials; and (4) treat results from Tier 3 (aggregators) and ClawHub with extra caution as the SKILL.md itself warns.

Like a lobster shell, security has layers — review code before you run it.

latestvk97beyrd87r5dcra0ze0vns2hx844xe8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments