find-skills-wzr-999
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s purpose is clear, but it documents a workflow that can install third-party agent skills globally while skipping confirmation prompts.
Before using this skill to install anything, ask the agent to show the exact skill package, source link, and expected effects. Prefer running the install yourself or asking the agent not to use `-y`, so you can review any prompts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who agrees to proceed could have a third-party skill installed persistently without seeing CLI confirmation prompts that might otherwise help review the change.
This makes a global, no-confirmation install command the documented agent-performed install path. Installing skills changes the user’s agent environment, and skipped prompts reduce the chance for review.
If the user wants to proceed, you can install the skill for them: `npx skills add <owner/repo@skill> -g -y` ... The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.
Require explicit confirmation for the exact package, avoid `-y` by default, prefer scoped/non-global installs where possible, and show the skill source and expected effects before installing.
Installed skills may come from third-party sources and could affect future agent behavior.
The skill relies on external repositories or package sources for installed skills. This is expected for a skill-discovery tool, but users should still verify provenance before installation.
`npx skills add <package>` - Install a skill from GitHub or other sources
Review the skill’s homepage/source, publisher, and instructions before installing, especially when the source is unfamiliar.