ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Find Skills 0.1.0

v1.0.0

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.

5· 1.8k·242 current·261 all-time
by@leochan14·duplicate of @robin797860/find-skills-robin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md. The instructions focus on searching for and installing agent skills using the Skills CLI (npx skills), which is consistent with the stated purpose. One minor omission: the SKILL.md expects the presence of npx/Node.js but the skill metadata does not declare that dependency.
Instruction Scope
Instructions are scoped to searching and installing skills. They do not ask the agent to read unrelated files or environment variables. However, the runtime guidance recommends installing packages globally and skipping prompts (npx skills add <pkg> -g -y), which will modify the user's environment and bypass interactive confirmation — this is expected for an installer helper but worth flagging to users as potentially surprising.
Install Mechanism
This is an instruction-only skill with no install spec or code. It directs the user/agent to use npx to fetch and install packages (potentially from GitHub). That behavior is consistent with the skill's purpose but implies downloading and executing third-party code at install time; users should vet packages before allowing installation.
Credentials
No environment variables, credentials, or config paths are requested or referenced. The skill does not ask for unrelated secrets or system access.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does recommend global installs of other skills (which affect the user's environment), but the skill itself does not modify platform settings or other skills' config.
Assessment
This skill is coherent: it guides you to search for and install other skills via the Skills CLI. Before running install commands it suggests, ensure you have Node/npm (npx) available, review the target skill's repository and README, and avoid blindly using -g -y unless you trust the package. Prefer installing locally or in a sandbox if you're unsure, and verify authors and links (e.g., skills.sh and the GitHub repo) before allowing the agent to perform installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e345nfd7nsde5gcv0ykwcr980wwf9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments