Find Skills 0.1.0

Pass

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is coherent with its purpose of finding and installing other skills, but users should review any third-party skill before allowing global installation.

This skill appears benign and instruction-only. Before installing any skill it finds, review the exact package, publisher, source link, and permissions. Prefer requiring an explicit approval step and avoid skipping confirmation prompts unless you trust the selected skill.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user approves installation too quickly, a third-party skill could be installed globally without the CLI asking for another confirmation.

Why it was flagged

The command is purpose-aligned, but it gives the agent a path to modify the user's installed skill set globally and bypass the CLI's confirmation prompts after user approval.

Skill content

If the user wants to proceed, you can install the skill for them:

```bash
npx skills add <owner/repo@skill> -g -y
```

The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.

Recommendation

Ask the user for explicit approval before installation, show the exact package name/source, and consider omitting `-y` so the user can review the CLI confirmation.

What this means

The quality and safety of any installed skill depends on the external source selected by the user and agent.

Why it was flagged

Installing skills from external repositories is central to the stated purpose, but it introduces normal third-party package provenance risk.

Skill content

`npx skills add <package>` - Install a skill from GitHub or other sources

Recommendation

Review the skill page, source repository, publisher, permissions, and installation instructions before installing.

What this means

Installed skills may remain available to the agent in future sessions.

Why it was flagged

Global installation is explicitly disclosed and purpose-aligned, but it creates persistent changes to the user's agent environment.

Skill content

The `-g` flag installs globally (user-level)

Recommendation

Install globally only for skills you expect to use again, and periodically review or remove skills you no longer need.