Skill Finder (Find ClawHub skills + Search Skills.sh)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user approves an install, the agent may gain new behavior from another skill.

Why it was flagged

The skill can guide the agent to use external CLI tools and install new skills, which changes the agent environment; the same text also discloses review and opt-in safeguards.

Skill content

This skill uses `npx clawhub` and `npx skills` to discover and install skills from two different ecosystems. Review candidates before installation, keep installs opt-in

Recommendation

Review the recommended skill, its source, and scanner status before approving installation.

What this means

A poorly maintained or misleading third-party skill could be recommended if evaluation is not done carefully.

Why it was flagged

The skill intentionally works with an external open skill ecosystem, so source provenance and exact install strings matter.

Skill content

For `Skills.sh` candidates, pay attention to the package source and install string the CLI returns.

Recommendation

Prefer clear, maintained, reputable sources and avoid installing ambiguous Skills.sh or ClawHub results.

What this means

Saved preferences and liked/passed skill history may affect future recommendations.

Why it was flagged

The skill persists preference memory that will influence later recommendations, but the storage location and intended contents are disclosed.

Skill content

This skill stores local preference data in `~/skill-finder/`:
- Source mode, explicit preferences, liked skills, and passed skills

Recommendation

Keep only non-sensitive preference information in this memory file and review it if recommendations seem biased or stale.

Note (High Confidence)

ASI10: Rogue Agents

What this means

Future skill-related requests may automatically use this skill and its local memory.

Why it was flagged

The setup guidance can add persistent routing so the skill and its memory are loaded for future skill-related requests; it is scoped and disclosed, not hidden background behavior.

Skill content

When a request sounds like finding, comparing, or installing a skill, always load the `skill-finder` skill and `~/skill-finder/memory.md` before answering.

Recommendation

Only add the AGENTS.md routing line if you want this persistent behavior, and remove it later if you prefer manual invocation.