Find Skills

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is coherently aimed at finding and optionally installing skills, but users should review any global install because the suggested command skips confirmation prompts.

This skill appears safe to use for discovering skills, but treat installation as a real change to your agent environment. Review the exact skill source before installing, consider not using the `-y` flag so prompts are shown, and remember that `-g` installs persist globally.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A selected skill could be installed globally and affect future agent behavior without an additional package-manager confirmation prompt.

Why it was flagged

This is a user-directed, purpose-aligned install workflow, but it gives the agent a command that modifies the global skill set and bypasses an extra CLI confirmation step.

Skill content

If the user wants to proceed, you can install the skill for them: `npx skills add <owner/repo@skill> -g -y`. The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.

Recommendation

Confirm the exact package with the user before installing, prefer omitting `-y` when review is desired, and make sure the user understands the global install scope.

What this means

Installing a third-party skill can introduce new instructions, tools, or behavior into the agent environment.

Why it was flagged

The skill intentionally uses an external package manager and third-party skill sources. This is central to its purpose, but users should treat installed skills as supply-chain dependencies.

Skill content

`npx skills add <package>` - Install a skill from GitHub or other sources

Recommendation

Install only skills from trusted publishers, review the skills.sh/GitHub page first, and avoid installing unknown packages automatically.

What this means

Users may have less clarity about the exact package identity or publication lineage.

Why it was flagged

The included `_meta.json` identity/version differs from the supplied registry metadata for owner, slug, and version, which creates a minor provenance/package-coherence ambiguity.

Skill content

"ownerId": "kn77ajmmqw3cgnc3ay1x3e0ccd805hsw", "slug": "find-skills", "version": "0.1.0"

Recommendation

Verify the registry entry and publisher identity before trusting or redistributing the skill.