Skillv2.0.1

ClawScan security

Agent Registry · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 15, 2026, 10:15 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, hooks, and instructions are coherent with a lazy-loading agent registry: it indexes agents, offers search/get/list CLI tools, and installs a hook that auto-suggests agents on each user prompt; nothing requested is disproportionate to that purpose, though there are operational/privacy considerations to review before installing.
Guidance: This Agent Registry appears to do what it says: index agents, search by intent, and lazily load agent content. Before installing: (1) review the code (especially lib/registry.js and lib/telemetry.js) to verify the path-confinement logic and telemetry behavior; (2) prefer the default non-destructive migration (do not use --move unless you intend to relocate files); (3) note that the hook runs on every prompt and will inject agent suggestions automatically (disable or uninstall if you do not want that behavior); (4) avoid running network installers (npx/npm) unless you trust the remote publisher—if you do use the installer, inspect install.sh first; (5) if you have sensitive agent files, inspect registry.json and any code that resolves agent paths to ensure it cannot be coerced to read files outside the skill's agents/ directory. These checks will reduce operational and privacy risk. If you want additional assurance, share lib/registry.js and lib/telemetry.js for a focused review; that would raise confidence to high.

Review Dimensions

Purpose & Capability: okName/description match the actual behavior: the repository contains a registry index, BM25 search, CLI commands (search/get/list/rebuild/init), and a UserPromptSubmit hook that implements the described lazy-loading and discovery flow. The migration/copy/move functionality is appropriate for a registry tool.
Instruction Scope: noteThe registered hook (hooks/user_prompt_search.js) runs on every user prompt, reads the local registry.json inside the skill, and may inject additionalContext with matching agent names/summaries. This is within the described purpose but is broad in scope (automatic per-prompt behavior) and affects what Claude sees for every conversation; the migration scripts also scan ~/.claude/agents/ and the project's .claude/agents/ to copy or move agent files (move is opt-in).
Install Mechanism: noteThere is no platform-level install spec in the SKILL.md, but the bundle includes an install.sh and recommends using npx skills add or cloning. The installer copies files into ~/.claude/skills/agent-registry/ and will optionally install @clack/prompts only when --install-deps is used. This is reasonable, but the README's npx/npm install suggestions imply pulling code from an external registry/repo—review the remote source before running network-based installers.
Credentials: okThe skill declares no required env vars or credentials. Telemetry exists but is opt-in (AGENT_REGISTRY_TELEMETRY), and code paths respect opt-out flags per the docs. No secrets or unrelated credentials are requested by the skill.
Persistence & Privilege: noteThe skill installs a per-prompt hook (UserPromptSubmit) which will run automatically when the skill is enabled — this is expected for discovery behavior. always:false and no elevated OS privileges are requested. Because the hook runs on every prompt, users should be aware of the continuous runtime presence and the fact that installing/enabling the skill grants it the ability to inject additionalContext into conversations.