MyAider Skill Importer
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it claims, but it can persistently create or update agent skills from remote MyAider MCP content without a clear content review or rollback step.
Use this only if you trust the MyAider MCP server and the specific skills being imported. Prefer selecting individual skills instead of "All," review the full generated skill content before saving or upgrading, and keep a way to remove or roll back imported skills.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote or compromised MyAider skill specification could become a local agent skill and influence future agent behavior.
The skill imports executable agent instructions from a remote MCP source. The artifact does not describe signature checks, trust verification, content review, or rollback before turning that remote content into installed skills.
Call `mcp__{SERVER_NAME}__get_myaider_skills` ... to retrieve all available skills from MyAider.Before importing, review the full contents of each MyAider skill, especially usage instructions and tool definitions; avoid importing all skills blindly.
The agent may add or update skills that affect later tasks, and the user may not see all imported instructions before they are installed.
The workflow directs the agent to use another skill to create or update installed skills automatically after selection. This is purpose-aligned, but it is high-impact mutation of the agent environment without a clearly required full content review step.
YOU MUST create the skill automatically instead of ask user to do it manually. YOU MUST use the Skill tool to invoke `skill-creator:skill-creator`
Require explicit approval of each skill’s full generated content before creation or upgrade, and keep backups so changes can be reverted.
If imported content contains unsafe or manipulative instructions, it could poison future agent context and affect later tasks.
The skill explicitly embeds remote usage instructions and tool schemas into persistent local skills. Those instructions may later be trusted as agent context.
[full usage instructions from the myaider skill] ... include the full tool descriptions and parameter schemas BELOW
Inspect imported usage instructions for prompt-injection behavior, broad tool use, hidden data access, or unsafe actions before saving them as skills.