Skill Writer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user chooses to run this command, their system may fetch and execute the latest MoltHub CLI package to search the registry.
The skill documents a user-directed npx command using `@latest`, which can fetch and run the current MoltHub package version. This is aligned with the skill-writing purpose and is also reflected by the npx requirement, but it is still worth noticing as a mutable external CLI invocation.
Check for slug collisions before publishing: `npx molthub@latest search "your-slug"`
Run the command only when needed, and consider pinning or reviewing the package source if reproducibility or supply-chain trust is important.