Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (fzf fuzzy finder) match the included content: installation steps, shell integration, examples, and helper scripts. All requested actions (installing fzf, editing shell rc files, integrating with fd/bat/rg/docker/git) are expected for this capability. Minor inconsistency: SKILL.md metadata lists 'requires: fzf' while the registry metadata shows no required binaries — functionally the skill expects fzf to be present or to be installed.
Instruction Scope
Instructions tell the agent to check/install fzf, edit ~/.bashrc|~/.zshrc (eval "$(fzf --bash|--zsh)"), run package manager commands, clone GitHub, download releases, and add many helper functions. Those actions are within the skill's stated purpose. Some helper functions use eval (fh), kill/xargs (fkill), rm (safe_delete), docker exec/stop, and execute bindings — these execute or build commands and thus can perform destructive operations if used incorrectly. This is expected for a CLI toolkit but worth user awareness.
Install Mechanism
There is no formal install spec in the registry; the docs recommend standard, well-known install methods: Homebrew, package managers, git clone from the official GitHub, or GitHub releases (curl from github.com/junegunn/fzf). These are common and traceable installation methods; no obscure download hosts or shortcuts are used.
Credentials
The skill declares no environment variables or credentials. It references common environment variables like EDITOR and standard paths (~/.fzf, ~/.bashrc) which are appropriate. There are no requests for unrelated secrets or external tokens.
Persistence & Privilege
The skill will (per its instructions) modify user shell configuration files, clone into ~/.fzf, and may run installers requiring elevated privileges (sudo mv /usr/local/bin). always is false and the skill is user-invocable. Modifying dotfiles and installing binaries is expected for this skill but is a persistence/privilege-impacting action the user should confirm.
Assessment
This skill is internally consistent for teaching and automating fzf usage, but it will: (1) run network installs (brew, apt, curl/git clone from GitHub) and may use sudo to move binaries; (2) edit your shell startup files (~/.bashrc, ~/.zshrc) to add eval lines, exports, and functions; (3) provide helper functions that can run destructive commands (kill, rm, docker stop, eval history entries). Before allowing the agent to act: back up your dotfiles, review the exact install commands the agent proposes, verify downloads come from github.com/junegunn/fzf, and be cautious when authorizing actions that require sudo or that execute code from your history or selected items. If you prefer manual control, ask the agent to only show the commands to run (don’t execute them).Like a lobster shell, security has layers — review code before you run it.
latestvk97csf6nj6w85wc1fwaxqt4nkd84v9hs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis