Skill Quick Index
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a simple local skill-lookup helper that reads a bundled JSON index and does not show credential use, network access, file mutation, or background behavior.
This skill looks safe for its stated purpose. Before installing, make sure you trust the package source, and treat its routing output as recommendations rather than automatic approval to use other higher-impact skills.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing users may run local code on their machine, though the reviewed script is read-only and limited to lookup behavior.
The skill asks the user to run a local Python helper. The provided helper is aligned with the skill purpose and only loads the bundled JSON index and prints matches, but running local code is still worth noticing.
python3 scripts/skill_lookup.py "打开网页并截图"
Run it only from a trusted installation location and review the script if you modify or replace it.
Users have less external provenance information for deciding whether to trust the package.
The package includes a runnable script, but the supplied registry metadata does not identify a source repository or homepage. No malicious behavior is evident in the provided code, but provenance is limited.
Source: unknown; Homepage: none
Prefer installing from a trusted publisher or repository, and verify the included files before use.