Related Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: related-skill
Version: 0.1.5
The skill bundle is classified as suspicious due to the broad `allowed-tools: Bash(npx skills *)` permission defined in `SKILL.md`. While the instructions provided in `SKILL.md` are benign and align with the stated purpose of discovering and installing skills from the `inference.sh` registry, granting an AI agent the ability to execute `npx skills` with arbitrary arguments is a high-risk capability. This allows the agent to install, update, or remove any skill from the registry, which could lead to the installation of potentially malicious software or unintended system changes if the agent is compromised or receives a malicious prompt, representing a significant supply chain risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used without review, the agent could install, update, or remove skills, changing what capabilities are available in future sessions.
The skill grants the agent access to the `npx skills` command family. This is aligned with discovering and managing skills, but it includes commands that can modify the local skill set.
allowed-tools: Bash(npx skills *)
Only approve skill-management commands that match your request, and review the target skill before installing or updating it.
Newly installed skills may bring their own permissions, tools, dependencies, or data access patterns.
The documented workflow installs additional skills from a registry, including an option to install a broad bundle. This is the skill’s stated purpose, but it introduces downstream supply-chain and capability-expansion considerations.
npx skills add inference-sh/skills@ai-image-generation ... # Install the full platform skill with all 150+ apps
Review each related skill’s permissions and source before installation, especially broad bundles such as the full platform skill.
