Skillv0.1.0

ClawScan security

find-skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 17, 2026, 2:09 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (helping users find and install other skills) is coherent, but its runtime instructions recommend running npx to fetch and globally install arbitrary packages non-interactively without declaring that npx is required or warning about the risks of executing remote code.
Guidance: This skill is coherent with its stated purpose (finding and installing other skills), but it tells the agent to run 'npx' to fetch and globally install arbitrary packages non-interactively (-g -y). npx executes code fetched from remote registries/repos, which can run arbitrary scripts on your machine. Before installing anything suggested by this skill: (1) ensure 'npx' is available and run installs interactively (omit -y) so you can review prompts; (2) prefer not to install globally unless you understand the package and need it; (3) verify the package source on skills.sh or GitHub and read the repository/README; (4) avoid running installs as root; (5) if you want stricter control, ask the agent to show the repository link and install commands and review them yourself. The skill would be safer if SKILL.md declared 'npx' as a required binary and warned explicitly about verifying package provenance.

Review Dimensions

Purpose & Capability: noteThe name and description match the instructions: the skill's job is to search for and install other skills. However, SKILL.md instructs the agent to run the 'npx' CLI, but the skill metadata lists no required binaries. The omission is inconsistent (npx should be declared as a required binary).
Instruction Scope: noteInstructions are focused on finding and installing skills and do not ask the agent to read unrelated files or environment variables. However, they explicitly recommend using 'npx skills add <owner/repo@skill> -g -y' (global, non-interactive install). That grants wide discretion to install arbitrary remote code on the user's environment without prompting and lacks guidance about verifying package provenance or reviewing repository contents.
Install Mechanism: concernThis instruction-only skill relies on 'npx' to download and execute code from npm/GitHub at install time. While this is expected for a package-based ecosystem, the skill provides no install spec and does not warn the user about the risks of running npx. Recommending global, non-interactive installs (-g -y) amplifies risk because it will install remote packages into the user's environment without confirmation.
Credentials: okThe skill requests no environment variables, credentials, or config paths. It does not attempt to access or exfiltrate secrets in SKILL.md.
Persistence & Privilege: noteThe skill itself does not request persistent privileges (always:false) and is user-invocable. However, the instructions encourage global installs (-g), which affect the user's system environment. The skill does not modify other skills or agent configs directly.