Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Registry
v2.0.1MANDATORY agent discovery system for token-efficient agent loading. Claude MUST use this skill instead of loading agents directly from ~/.claude/agents/ or ....
⭐ 0· 2.6k·9 current·9 all-time
by@matrixy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the actual behavior: the repository contains a registry index, BM25 search, CLI commands (search/get/list/rebuild/init), and a UserPromptSubmit hook that implements the described lazy-loading and discovery flow. The migration/copy/move functionality is appropriate for a registry tool.
Instruction Scope
The registered hook (hooks/user_prompt_search.js) runs on every user prompt, reads the local registry.json inside the skill, and may inject additionalContext with matching agent names/summaries. This is within the described purpose but is broad in scope (automatic per-prompt behavior) and affects what Claude sees for every conversation; the migration scripts also scan ~/.claude/agents/ and the project's .claude/agents/ to copy or move agent files (move is opt-in).
Install Mechanism
There is no platform-level install spec in the SKILL.md, but the bundle includes an install.sh and recommends using npx skills add or cloning. The installer copies files into ~/.claude/skills/agent-registry/ and will optionally install @clack/prompts only when --install-deps is used. This is reasonable, but the README's npx/npm install suggestions imply pulling code from an external registry/repo—review the remote source before running network-based installers.
Credentials
The skill declares no required env vars or credentials. Telemetry exists but is opt-in (AGENT_REGISTRY_TELEMETRY), and code paths respect opt-out flags per the docs. No secrets or unrelated credentials are requested by the skill.
Persistence & Privilege
The skill installs a per-prompt hook (UserPromptSubmit) which will run automatically when the skill is enabled — this is expected for discovery behavior. always:false and no elevated OS privileges are requested. Because the hook runs on every prompt, users should be aware of the continuous runtime presence and the fact that installing/enabling the skill grants it the ability to inject additionalContext into conversations.
Assessment
This Agent Registry appears to do what it says: index agents, search by intent, and lazily load agent content. Before installing: (1) review the code (especially lib/registry.js and lib/telemetry.js) to verify the path-confinement logic and telemetry behavior; (2) prefer the default non-destructive migration (do not use --move unless you intend to relocate files); (3) note that the hook runs on every prompt and will inject agent suggestions automatically (disable or uninstall if you do not want that behavior); (4) avoid running network installers (npx/npm) unless you trust the remote publisher—if you do use the installer, inspect install.sh first; (5) if you have sensitive agent files, inspect registry.json and any code that resolves agent paths to ensure it cannot be coerced to read files outside the skill's agents/ directory. These checks will reduce operational and privacy risk. If you want additional assurance, share lib/registry.js and lib/telemetry.js for a focused review; that would raise confidence to high.Like a lobster shell, security has layers — review code before you run it.
latestvk973cybsy4rmbc3tfez0tnkred8172xk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.