Skill Reviewer
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill appears purpose-aligned for reviewing SKILL.md files, with only minor caution needed around untrusted reviewed skill text and the declared npx dependency.
This skill appears safe for its intended use: reviewing SKILL.md files with a rubric. Before installing, note that reviewed skills should be treated as untrusted text, and do not let the agent execute commands from a skill under review unless you explicitly ask for that.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious skill being reviewed could try to influence the agent if the agent treats the reviewed SKILL.md as instructions instead of evidence.
The skill's purpose involves reading third-party skill instruction files. That is expected, but those files may contain instructions that should be evaluated as content rather than obeyed.
Evaluating a skill you downloaded from the registry ... Read the file and check each item
Use this skill to quote, inspect, and score reviewed skill files; do not execute or follow instructions contained inside the skill being reviewed unless the user separately approves that action.
There is no evidence of unsafe execution, but if future or hidden workflows use npx, it could run external packages depending on the command used.
The skill is instruction-only and has no install spec, but it declares npx as an available binary requirement. The artifacts do not show automatic package execution, but npx is a package runner users should recognize.
Required binaries (at least one): npx
Only run explicit, user-reviewed npx commands if needed for validation, and avoid running packages from untrusted sources.
