Skill v1.0.0

ClawScan security

Find Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 1, 2026, 8:09 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions match its purpose (finding/installing skills), but metadata inconsistencies and the guidance to perform global, unattended installs via npx make the package incoherent or risky without further verification.
Guidance
This skill appears to do what it says (find and install other skills) but two issues warrant caution: (1) the registry metadata in the package files doesn't match the registry listing (mismatched owner/slug/version), which could indicate a packaging or provenance problem — verify the source/author before trusting installs; (2) the instructions recommend using `npx` to install arbitrary packages with `-g -y` (global, unattended). npx installs can execute remote code (supply-chain risk) and skipping confirmation removes a user safety check. Before installing any recommended skill: confirm the exact package name and source, open the package/repository to inspect it, avoid global/unattended installs (omit -g and -y or run in a sandbox), and require explicit user confirmation before running npx commands. If you want me to proceed with a specific install, tell me to do it and I will remind you what will be fetched and ask for approval first.

Review Dimensions

Purpose & Capability
note: The SKILL.md describes a find-and-install helper for agent skills, and the commands it recommends (`npx skills find` / `add`) are consistent with that purpose. However, the registry metadata and the included _meta.json disagree on ownerId, slug, and version (registry: ownerId kn7ejmm..., slug dragon-find-skills, version 1.0.0; _meta.json: ownerId kn77ajmm..., slug find-skills, version 0.1.0). Those provenance mismatches are unexplained and reduce trust.
Instruction Scope
note: Instructions stay within scope: they only describe searching for and installing skills using the Skills CLI. They recommend running `npx skills add <pkg> -g -y` (global install, skip prompts), which can cause unattended global installation of arbitrary packages — this is an operational risk and should not be done without explicit user approval.
Install Mechanism
note: The skill is instruction-only (no install spec), so nothing is written by the skill itself. But the runtime commands it recommends use `npx`, which downloads and executes code from the npm ecosystem; that is expected for a skill installer but is a supply-chain risk and should be done deliberately and with source validation.
Credentials
ok: The skill declares no required environment variables, binaries, or config paths, and its instructions don't reference any secrets or unrelated system files. This is proportionate to its stated purpose.
Persistence & Privilege
note: `always` is false and there is no install spec, so the skill does not request permanent inclusion. However, the skill advises installing other skills globally and unattended; combined with autonomous invocation on the platform, that pattern increases blast radius if the agent executes installs without clear user consent.