Countries
PassAudited by ClawScan on May 1, 2026.
Overview
This is a low-impact country lookup skill that uses a public API, but its README points to an external GitHub clone for the actual CLI code.
This appears safe for simple country lookups, but verify the external GitHub repository before cloning or running the CLI because the executable code is not included in the reviewed artifacts.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user follows the README installation path, the actual command code they run may come from an external source not represented in this review.
The README directs users to clone code from an external GitHub repository that is not included in the provided artifact set or pinned to a commit.
git clone https://github.com/jeffaf/countries-skill.git ~/clawd/skills/countries
Verify the GitHub repository and preferably pin a trusted commit or include the reviewed CLI files directly in the skill package.
Country lookup requests may be sent to the public REST Countries API, but no authentication or sensitive local data access is described.
The skill expects the agent to use local command-line tools, including curl for network API access. This is disclosed and aligned with the country lookup purpose.
requires:
bins: ["bash", "curl", "jq", "bc"]Install only if you are comfortable with the agent making public API calls for country information.