Missing User Warnings
Medium
- Confidence
- 84% confidence
- Finding
- The skill explicitly instructs users to install and publish software via npm and the ClawdHub CLI, which can modify the local environment and skill directories, but it does not warn about these side effects or advise verification before use. In a security-sensitive agent context, omitting those cautions increases the chance of unintended package installation, workspace modification, or publication of local content.
