Skillv0.3.2

ClawScan security

@kanyun/rush-find-skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 24, 2026, 7:46 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mostly match a skill-discovery purpose, but there are inconsistencies (metadata vs SKILL.md), an undeclared environment variable reference, and a strong default to a third-party registry that could supply arbitrary code — so proceed with caution.
Guidance: This skill is coherent with a 'find and install skills' purpose, but check a few things before installing or running it: 1) Verify the registry — the SKILL.md defaults to https://rush.zhenguanyu.com (a third-party registry). If you don't trust that host, override the registry explicitly or refuse installs from it. 2) Be cautious about using npx or installing reskill globally: those commands will fetch and execute remote code. Prefer reviewing the reskill project source and the specific skill package before installation. 3) Note the metadata mismatches (SKILL.md name/version/author differ from the registry metadata) and the undeclared RESKILL_REGISTRY env var — ask the publisher to clarify. 4) Ensure the agent asks for your explicit approval before any install (the doc says it should, but verify behavior). If you need higher assurance, test searches without installing, or run reskill commands yourself in an isolated environment and inspect any candidate skill code before installation.

Review Dimensions

Purpose & Capability: noteThe SKILL.md behavior (searching and installing skills via the reskill CLI) aligns with the declared purpose (finding/installing skills). However there are small inconsistencies: the SKILL.md top-level name/version/author (clawdhub-find-skills, v0.4.0, author=reskill) does not match the registry metadata (owner: kn7..., slug: rush-find-skills, version 0.3.2). These mismatches could indicate stale or copied documentation or sloppy packaging and should be verified.
Instruction Scope: concernThe instructions tell the agent to run the reskill CLI (or fall back to npx reskill@latest) and to consult RESKILL_REGISTRY and defaults.publishRegistry in skills.json. The skill metadata declares no required environment variables, yet the doc expects RESKILL_REGISTRY to be used if present — this is an undeclared environment access. The SKILL.md otherwise follows a narrow workflow (search → present → ask → install) and explicitly recommends asking user consent before installing.
Install Mechanism: noteThis is an instruction-only skill (no install spec). It recommends installing/using an external package (reskill) and falling back to npx, which will download and run remote code from a registry. That behavior is expected for a package-manager-style skill, but the doc's default registry is a third-party URL (https://rush.zhenguanyu.com) rather than a well-known, broadly-trusted host — this raises a supply-chain risk because installed skills come from that registry.
Credentials: noteThe skill requests no credentials or sensitive env vars in its metadata, which is proportionate. However SKILL.md references RESKILL_REGISTRY (an env var) and defaults.publishRegistry in skills.json without declaring them as required; this discrepancy should be clarified. No other sensitive system paths or credentials are requested.
Persistence & Privilege: okThe skill does not request persistent presence (always:false), does not modify other skills or system-wide settings in the instructions, and relies on user consent before installing other skills. Autonomous invocation is allowed by platform default but is not combined with high privileges here.