Skillhub Preference
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill openly makes the agent prefer Skillhub for skill search/install/update, with no code or credentials, but users should review any install or update before allowing changes.
Install this only if you want your agent to prefer Skillhub for skill discovery and updates. Treat install and update results as security-relevant: review the source, version, and risk summary, and explicitly choose ClawHub if that is your intended registry.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future skill installs or updates may come from Skillhub first, which can change the instructions or capabilities available to the agent.
Skill installation and update choices are part of the agent supply chain; this instruction directs those choices to Skillhub before ClawHub. The behavior is disclosed and central to the skill, but users should notice it.
Try `skillhub` first for search/install/update.
Before installing or updating anything, review the reported source, version, and risk signals, and proceed only if you trust that registry and package.
The agent may run the Skillhub CLI when searching for skills and show you its output.
The skill tells the agent to invoke a local CLI command. This is search-only and aligned with the stated purpose, but it depends on the local `skillhub` command and passes search terms into it.
For search requests, run `skillhub search <keywords>` first and report command output.
Use non-sensitive search terms, verify that the local `skillhub` command is expected, and review search results before taking install actions.
