find-skills
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for finding skills, but it can install global skills from external sources while skipping CLI prompts, so users should review installs first.
This skill appears benign for discovering skills. Use it for searching, but before installing anything, verify the skill source and consider running install commands yourself without `-y` so you can see confirmation prompts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user approves an install too quickly, a new skill may be added globally and affect future agent behavior without the CLI's normal confirmation step.
This is purpose-aligned for a skill installer, but global installation with skipped prompts can change the user's agent environment and should be reviewed before use.
npx skills add <owner/repo@skill> -g -y The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.
Before installing, review the skill name, source, description, and any requested capabilities; consider omitting `-y` so the CLI confirmation remains visible.
Installing a third-party skill can introduce new instructions or capabilities into the agent environment.
The workflow intentionally installs skills from external sources. That is central to the stated purpose, but source trust and provenance matter.
`npx skills add <package>` - Install a skill from GitHub or other sources
Prefer well-known sources, inspect the skill page and files before installation, and avoid installing unknown skills globally unless needed.
The skill identity may be confusing or stale, making it harder to confirm exactly which package is being reviewed.
The embedded metadata differs from the registry metadata shown for this review, which lists a different owner ID, slug, and version. This is a provenance inconsistency, though no malicious behavior is shown.
"ownerId": "kn77ajmmqw3cgnc3ay1x3e0ccd805hsw", "slug": "find-skills", "version": "0.1.0"
Verify the registry listing and publisher before relying on this skill, especially because it helps install other skills.