Back to skill
Skillv1.0.0
ClawScan security
Chen Find Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 22, 2026, 3:34 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's behavior and requirements match its stated purpose (finding and installing other skills), but its runtime instructions advise installing third‑party packages via npx (including a -g -y option) which carries the usual risks of executing external code — verify packages before installing.
- Guidance
- This skill is coherent for finding and installing other skills, but installing a skill with 'npx skills add' downloads and runs code from third parties. Before installing: verify the package owner and repository on skills.sh or GitHub, inspect package metadata and install scripts, prefer local/non-global installs if unsure, and do not allow the agent to run global installs with '-y' without your explicit permission. If you want stricter safety, ask the agent to show the exact install command and repository link and then run the command yourself after manual review or run installs inside a sandbox/container.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all describe searching for and installing skills using the Skills CLI (npx skills). There are no unrelated env vars, binaries, or config paths requested; the requested capabilities align with the stated purpose.
- Instruction Scope
- noteInstructions are focused on search and install workflows (npx skills find/add/check/update) and do not ask the agent to read unrelated files or secrets. However the guidance explicitly recommends installing packages (including 'npx skills add <...> -g -y'), which can execute arbitrary install scripts from third‑party repos and can install globally without interactive confirmation. The skill does not instruct verification steps (audit package, review repository, check install scripts).
- Install Mechanism
- noteThere is no install spec in the skill bundle itself (instruction-only), which is low-risk. Runtime instructions rely on the public 'npx skills' CLI and downloading/installing skill packages from GitHub/skills.sh. That is expected for a discovery/install tool but inherently allows execution of upstream package install scripts; users should treat installs as execution of third‑party code.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. No disproportionate secret access is requested.
- Persistence & Privilege
- noteThe skill is not always-enabled and uses normal autonomous invocation settings. The potential privilege concern is operational rather than intrinsic: the SKILL.md encourages global installs (-g) and skipping confirmations (-y), which can change user system state and require elevated access depending on environment. This is a legitimate behavior for an installer but should be executed only with explicit user consent.