Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SkillMe
v1.0.0
Use when user asks to find, search, add, or install skills, or discover agent capabilities. Also triggers on 'install skills', 'add skills', 'is there a skil...
⭐ 0· 130·0 current·0 all-time
by Eric Su (@ghesericsu)
MIT-0
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: medium
Purpose & Capability
The SKILL.md expects and instructs use of external tools (clawhub, npx/skills, python3) and writes to /root/.openclaw paths, but the skill metadata declares no required binaries, env vars, or config path access. This mismatch means the skill assumes privileges and host tooling that are not advertised — a coherence problem the user should be aware of.
Instruction Scope
Runtime instructions perform network fetches of arbitrary raw GitHub/skills.sh content and run external installers (npx skills add, clawhub install) and a conversion script that writes SKILL.md into chosen locations. These actions are within the skill's stated purpose (discovering/converting/installing skills) but carry the normal risks of executing or installing third-party code. The instructions default to root-style paths (/root/.openclaw/...), and the recommended npx commands may run untrusted package code (especially with -g -y).
Install Mechanism
There is no install specification (instruction-only), which is lower risk for this wrapper. However, the workflow relies on external installers (clawhub and npx) and a bundled convert_skillssh.py that will fetch remote SKILL.md files and write them to disk. Using npx to add skills is effectively executing remote packages, which is expected for installing third-party skills but increases risk.
Credentials
The skill does not request environment variables or credentials, and the conversion script does not attempt to read secrets. Network access to fetch raw GitHub/skills.sh content is required and expected. There are no disproportionate credential requests.
Persistence & Privilege
always:false (normal). The instructions assume writing into /root/.openclaw workspace or global skill directories, which implies elevated filesystem access; the skill does not declare these config path requirements. Also, because agent invocation is allowed by default, an agent could run these install commands autonomously — combine that with remote package execution (npx) and you have a larger blast radius if the agent is allowed to act without additional user confirmation.
What to consider before installing
This skill's purpose (finding and installing skills) is reasonable, but before installing or using it you should:
1) Ensure your environment has the tools it actually uses (clawhub, node/npm for npx, python3) or understand that it will fail; the skill metadata does not list these requirements.
2) Be cautious about running the recommended npx commands (especially with -g -y), since npx can execute arbitrary remote package code. Prefer installing skills from well-known authors and inspect the SKILL.md and repository before adding.
3) Avoid running installs as root or into /root/.openclaw; pick a non-privileged workspace path.
4) When asked to convert or install a skill, manually review the fetched SKILL.md (the convert script fetches raw GitHub URLs) before writing or executing it.
5) If you do not want the agent to autonomously install third-party code, disable autonomous invocation for this skill or require explicit user confirmation before performing installs.
Overall: OK to use for discovery, but treat installation steps as potentially risky and verify sources and contents before proceeding.
Like a lobster shell, security has layers: review code before you run it.
latest: vk97dz4t7a4v246f473b67g7ba9834dxa
