Related Skill
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used without review, the agent could install, update, or remove skills, changing what capabilities are available in future sessions.
The skill grants the agent access to the `npx skills` command family. This is aligned with discovering and managing skills, but it includes commands that can modify the local skill set.
allowed-tools: Bash(npx skills *)
Only approve skill-management commands that match your request, and review the target skill before installing or updating it.
Newly installed skills may bring their own permissions, tools, dependencies, or data access patterns.
The documented workflow installs additional skills from a registry, including an option to install a broad bundle. This is the skill’s stated purpose, but it introduces downstream supply-chain and capability-expansion considerations.
npx skills add inference-sh/skills@ai-image-generation ... # Install the full platform skill with all 150+ apps
Review each related skill’s permissions and source before installation, especially broad bundles such as the full platform skill.