Skill 查找器
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill coherently helps search and install ClawHub skills, but users should verify any skill before installing because installation changes the agent environment.
This appears to be a straightforward ClawHub skill finder. Before installing any skill it recommends, run or request an inspection first, check the publisher and requested permissions, and approve installation only if you trust the skill.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user installs a recommended skill, that new skill may gain its own permissions or influence future agent behavior.
The skill documents installing other ClawHub skills. This is purpose-aligned, but installing skills is a supply-chain action that can persistently change agent capabilities.
clawhub install <skill-name>
Inspect each recommended skill, verify its publisher and permissions, and only install after explicit user approval.
The user has less assurance about the exact publisher identity and provenance of this helper skill.
The registry provenance is limited, and the registry slug differs from the packaged slug shown elsewhere. This is not evidence of malicious behavior, but it is a publisher/provenance detail worth checking for a skill that recommends installations.
Source: unknown; Homepage: none; Registry slug: skill-finder-cn-clawd
Confirm the skill's registry page, publisher, and package identity before relying on its recommendations.