Find Skills
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for finding and installing skills, but users should explicitly approve any global skill install and review the source first.
This skill appears safe to install as an instruction-only helper. Use it carefully when it recommends installing another skill: review the source, confirm the exact install command, and understand that global installs can affect future agent behavior.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A skill installed this way can affect future agent behavior across the user’s environment.
The skill documents a command that can modify the user’s installed agent skills globally and bypass the CLI’s confirmation prompt. This is aligned with the stated install-helper purpose, but it should require clear user approval of the exact package.
npx skills add <owner/repo@skill> -g -y The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.
Before installing, confirm the exact skill name, source, and expected behavior; consider avoiding `-y` unless the user has already reviewed the install details.
Installing an untrusted or low-quality skill could add unsafe instructions or capabilities to the agent.
The skill directs use of an external package manager to install third-party skills from GitHub or other sources. The instructions include reputation checks, which helps, but third-party skill installation remains a supply-chain consideration.
`npx skills add <package>` - Install a skill from GitHub or other sources
Prefer reputable sources, inspect the skill’s contents and permissions, and avoid installing unknown skills solely based on search results or popularity.