Skill v1.0.0

ClawScan security

Find Skills - Universal Discovery · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Verdict: Benign (Mar 15, 2026, 4:15 AM)
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and requirements match its stated purpose (finding and installing skills via the SkillKit CLI); there are no hidden env vars or installs declared, but the runtime guidance directs the agent to fetch and run third-party packages (npx and GitHub installs), which is expected for this kind of tool and carries normal supply-chain risk.

Guidance
This skill appears to do what it says: search and install skills using the SkillKit CLI. Before letting the agent run installs, consider these precautions:
1) Require explicit user confirmation before running any npx install or install <owner/repo>.
2) Review the SkillKit npm package and the target GitHub repositories you install from (owner/repo); npx/GitHub installs execute third-party code.
3) Prefer installing only from well-known, trusted publishers (Vercel, Supabase, Anthropic, etc.) and inspect unknown repos for malicious content.
4) If you need tighter controls, disable autonomous installations or audit installed skills after installation.
If you want, I can list specific checks to perform on a given owner/repo before installing it.

Review Dimensions

Purpose & Capability
Status: ok
Name, description, and runtime instructions all describe discovering and installing skills using the SkillKit CLI; required binaries/env/configs are none, which is proportionate for an instruction-only discovery skill.

Instruction Scope
Status: note
SKILL.md instructs the agent to run npx skillkit commands to search and install packages and to install owner/repo GitHub packages. The instructions do not request unrelated files or secrets, but they do direct the agent to fetch and execute third-party code (via npx and GitHub installs), which is expected for an installer/discovery tool but is a point of operational risk that should be acknowledged.

Install Mechanism
Status: note
There is no built-in install spec (instruction-only). However, runtime guidance relies on npx to fetch and run npm packages and to install skills from GitHub repos. This is consistent with the stated purpose but means code will be pulled from external registries and repositories at runtime; the skill itself does not declare or verify those sources.

Credentials
Status: ok
No environment variables, credentials, or config paths are requested. The lack of requested secrets is consistent with a discovery/install helper.

Persistence & Privilege
Status: note
always is false and autonomous invocation is allowed by platform default. This skill's runtime actions (installing other skills) could allow the agent to extend its capabilities by fetching and installing third-party code, which is expected for a skill installer but increases blast radius if the agent is allowed to act without user confirmation.