Agent Skills Search
PassAudited by ClawScan on May 10, 2026.
Overview
This is a simple Agnxi directory search skill that fetches a public sitemap and prints matching links, with minor provenance and command-invocation cautions.
This skill appears safe for its stated purpose: it fetches Agnxi's public sitemap and searches it locally. Before installing, verify the publisher/source if the official provenance matters, ensure Python 3 is available, and treat any discovered third-party tools or MCP servers as links to review rather than things to install automatically.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A normal search query should be safe, but unusual characters in a query could be risky if the agent runner performs unsafe shell interpolation.
The skill's intended tool invocation embeds a user-supplied query into a shell-style command. This is expected for the search function, but safe argument passing or escaping matters if an agent executes it through a shell.
python3 search.py "{{query}}"Invoke the script with an argument array when possible, or strictly quote/escape the query before shell execution.
Users cannot confirm the skill's claimed official origin from the supplied source metadata alone.
The README uses a placeholder repository URL rather than a concrete authoritative source, while the registry metadata also lists the source as unknown. This is a provenance gap, not evidence of malicious behavior.
git clone https://github.com/YOUR_USERNAME/agnxi-search-skill.git
Verify the package source or publisher before relying on it, especially before using returned links to install other tools or MCP servers.