Skill v0.1.0
ClawScan security
Find Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 16, 2026, 1:51 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description matches its instructions, but it tells the agent to run npx-based installs (including global installs with -y to skip confirmation) while not declaring Node/npx as a prerequisite; that combination—remote package execution + silent global installation + autonomous agent invocation—creates a modest risk and an incoherence the user should understand before enabling it.
- Guidance: This skill appears to do what it says (search and install other skills), but review these points before installing or letting an agent run it unattended:
  - Node/npm/npx is required to follow its instructions, yet the metadata doesn't list those binaries. If you run it, make sure npx is installed and trusted on the host.
  - The skill tells the agent to use 'npx skills add <...> -g -y', which will download and execute third-party code and install it globally while skipping confirmation. Do not allow autonomous installs unless you trust the source. Prefer running installs yourself after reviewing the target repository.
  - When the agent presents a candidate skill, verify the skills.sh link and the owner/repo before running the add command.
  - If you want to reduce risk, disable autonomous model invocation for this skill or require explicit user confirmation for any 'npx skills add' action; avoid using '-y' and global installs unless necessary.
  If you want to proceed, treat this skill as a convenience for discovery only and retain manual control over any actual 'npx skills add' operations.
Review Dimensions
- Purpose & Capability (note): The skill's name and description align with the instructions: it is a discovery/install helper that uses the 'skills' CLI. However, the SKILL.md repeatedly instructs the agent to run 'npx skills' commands (which require Node/npm/npx) while the registry metadata lists no required binaries; this omission is an inconsistency.
- Instruction Scope (concern): The instructions explicitly tell the agent how to search and to install skills using commands like 'npx skills add <owner/repo@skill> -g -y'. That runs remote code from package registries or GitHub, and the '-g -y' recommendation bypasses confirmation prompts. While this is within the stated purpose (discovering/installing skills), it expands the agent's ability to fetch and execute arbitrary third-party code and to install it globally without further confirmation.
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes disk-written install-time artifacts from the skill itself. But the runtime instructions rely on 'npx', which downloads and executes packages from npm/GitHub at runtime — a higher-risk mechanism than using only pre-installed, vetted binaries. The skill does not declare Node/npm/npx as required, which is a mismatch between declared requirements and actual instructions.
- Credentials (ok): The skill does not request environment variables, credentials, or config paths. Nothing in the SKILL.md asks for secrets or unrelated system config.
- Persistence & Privilege (note): The skill is not 'always: true' and requires user invocation. However, the SKILL.md explicitly recommends using '-g -y' to install skills globally and skip confirmations; because model invocation is allowed (disable-model-invocation: false), an agent could attempt to perform installs autonomously. This combination increases the blast radius if an agent is permitted to run shell commands without an extra human confirmation.
