Unified Find Skills
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for finding and installing agent skills, but users should review third-party skills carefully before allowing global installs.
This skill appears benign and purpose-aligned. Before installing any skill it finds, review the selected skill's source and registry details, avoid sensitive search terms, and be cautious with global installs or commands that skip confirmation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing an unreviewed skill could add new instructions or capabilities to the user's agent.
The skill documents installing third-party agent skills globally and skipping installer confirmation prompts. This is aligned with the skill's purpose, but it changes the user's agent environment and depends on external registry content.
npx skills add <owner/repo@skill> -g -y
Review the skill source, registry page, owner, and version before installing, and avoid using skip-confirmation flags unless the user has already approved the exact skill.
If a search query is copied into a shell command carelessly, unusual characters in the query could cause command errors or unsafe shell behavior.
The skill instructs the agent to run local CLI commands using a user-derived search query. This is expected for a registry-search skill, but queries should be quoted or otherwise handled safely.
npx skills find [query] --limit 5
Quote or escape user-provided search terms and ask for explicit approval before running install commands.
Task descriptions used as search terms may be visible to third-party registry services or their network logs.
The skill sends task/search information to external registry services. This is disclosed and purpose-aligned, but users should avoid including sensitive details in search queries.
Search all available registries... npx skills find [query] ... clawhub search "[query]" ... curl -s "https://tessl.io/registry/discover?contentType=skills"
Use general search terms and avoid putting secrets, private project names, or confidential details in skill searches.