Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SkillScout

v0.1.0

Find and evaluate OpenClaw AI skills by trust score and security reviews before installation or recommendation.

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (find and evaluate skills) aligns with the included files: a static-site dataset, review templates, an MCP server, and helper scripts for fetching and reviewing skills. However the SKILL metadata claims 'instruction-only' and lists no required binaries/env, while SKILL.md and the repo clearly rely on external tooling (curl, python3, npx) and network-hosted JSON (nashbot67.github.io). That omission is an incoherence the user should know about.
Instruction Scope
SKILL.md itself gives simple on-the-wire usage (curl → parse JSON, and 'npx @skillscout/mcp'). The repository contains many scripts (fetch-skill.sh, review-skill.sh, harden-skill.sh, batch-review.sh) that perform network fetches and write files; those behaviors are not reflected in the minimal SKILL.md or metadata. The ARCHITECTURE.md claims a read-only, no-network review agent, but the surrounding scripts indicate the project fetches remote skill sources and writes artifacts to disk — this is scope creep vs the runtime instructions shown to users.
Install Mechanism
There is no declared install spec (lowest-risk surface), but SKILL.md recommends running 'npx @skillscout/mcp' and uses curl/python3 in examples. Running the MCP package (if you do) would execute code pulled from npm; the repository also contains server code (mcp-server) and scripts that download and write files. Absence of an explicit install section and missing declaration of required tools is inconsistent and increases operational risk if users execute the provided commands without inspection.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a read-only catalog. But the catalog and scripts reference external APIs and processed skills that themselves may require credentials (the included skills.json entries show many skills with 'credentials' permissions). The SkillScout package does not request secrets up front, but running its scripts or the MCP server could lead you to provide API keys for downstream skills — be mindful those are for the target skills, not SkillScout itself.
Persistence & Privilege
always:false (good). Still, multiple examples and scripts in the repo show writing files to user locations (e.g., creating ~/.config/... for reviewed skills). If you run the provided scripts or the MCP server they may persist downloaded skill artifacts and fetched docs locally. The SKILL metadata did not surface that behavior — users should expect the tool to write files and to run network operations if they invoke it.
What to consider before installing
What to consider before using or installing SkillScout:

- Treat the repo as potentially active code: although SKILL.md is brief, the project includes scripts and a server package that will fetch code and write files. Do not run anything blindly.
- SKILL.md examples use curl, python3, and npx, but the registry metadata lists no required binaries. If you plan to follow examples, ensure those tools are available and inspect any remote URLs first.
- The catalog is hosted on an external static site (https://nashbot67.github.io/...). Verify you trust that domain and the JSON it serves before piping it into commands. If possible, fetch and inspect the JSON locally instead of executing it immediately.
- The project claims an isolated, read-only review agent, but the repo contains fetch-and-write scripts — confirm how the review agent is actually invoked and whether network access is used in your environment.
- If you want to run the MCP server (npx @skillscout/mcp): inspect the package on npm (confirm publisher identity), review its code, and run it in a sandbox or ephemeral environment first.
- Prefer manual code review of the scripts (fetch-skill.sh, review-skill.sh, harden-skill.sh, mcp-server) before executing them. Look for any commands that download archives, run installs, or execute unverified code.

If you want, I can:

- List the exact shell commands and files in the repo that perform network or filesystem operations.
- Extract and show the curl/npx/python usage lines so you can inspect the remote endpoints before running them.
- Suggest a safe sequence to test the tool in a sandbox (Docker container) and what to watch for.

Like a lobster shell, security has layers — review code before you run it.

latest: vk972fss9bm85bdm1mfyk4mhkgd820rpw
