Agent Skills Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A normal search query should be safe, but unusual characters in a query could be risky if the agent runner performs unsafe shell interpolation.

Why it was flagged

The skill's intended tool invocation embeds a user-supplied query into a shell-style command. This is expected for the search function, but safe argument passing or escaping matters if an agent executes it through a shell.

Skill content

python3 search.py "{{query}}"

Recommendation

Invoke the script with an argument array when possible, or strictly quote/escape the query before shell execution.

What this means

Users cannot confirm the skill's claimed official origin from the supplied source metadata alone.

Why it was flagged

The README uses a placeholder repository URL rather than a concrete authoritative source, while the registry metadata also lists the source as unknown. This is a provenance gap, not evidence of malicious behavior.

Skill content

git clone https://github.com/YOUR_USERNAME/agnxi-search-skill.git

Recommendation

Verify the package source or publisher before relying on it, especially before using returned links to install other tools or MCP servers.