ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Find Skills

v1.0.0

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express...

0· 126·0 current·0 all-time
by@zachary2024

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zachary2024/find-skills-vercel.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Find Skills" (zachary2024/find-skills-vercel) from ClawHub.
Skill page: https://clawhub.ai/zachary2024/find-skills-vercel
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install find-skills-vercel

ClawHub CLI

Package manager switcher

npx clawhub@latest install find-skills-vercel
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and SKILL.md are consistent: the skill helps discover and install agent skills. Minor inconsistency: the instructions rely on npx (Node/npm) but the metadata lists no required binaries.
Instruction Scope
Instructions stay within the stated purpose (searching and installing skills) and do not request unrelated files or env vars. They do recommend running 'npx skills add ... -g -y' which installs packages globally and suppresses prompts — a behavior that could cause changes without explicit local confirmation if executed automatically.
Install Mechanism
This is an instruction-only skill with no install spec or code. However, it relies on npx to fetch packages from the registry/remote repos at runtime; using npx to run arbitrary packages can pull and execute remote code and should be treated as a supply‑chain risk.
Credentials
The skill declares no environment variables, credentials, or config paths. No unexplained secrets are requested.
!
Persistence & Privilege
always is false and the skill is user-invocable, which is appropriate, but the guidance to install skills globally with '-g -y' could allow the agent (if permitted) to perform unattended global installs. Combined with platform-default autonomous invocation, this increases the blast radius if the agent is allowed to run commands without explicit user confirmation.
What to consider before installing
This skill is coherent with its stated purpose, but it tells the agent to use 'npx' to fetch and globally install third‑party packages and even suggests '-g -y' to skip confirmations. Before installing anything: (1) ensure Node/npm/npx are present locally (the skill metadata doesn't declare this); (2) verify the skill's source repository and popularity (installs/stars) before installing; (3) avoid running global installs with -y unless you trust the package; prefer local or sandboxed installs; (4) require explicit, user-initiated confirmation before any install; and (5) treat npx as a potential supply-chain vector — inspect the package repo or installation artifacts when possible. If you want the agent to install skills for you, limit it to presenting commands and require you to run them manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk97arcaycvbprz2bka5jzhxqmx84h93s
126downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@zachary2024
latest
Download

Find Skills

This skill helps you discover and install skills from the open agent skills ecosystem.

When to Use This Skill

Use this skill when the user:

  • Asks "how do I do X" where X might be a common task with an existing skill
  • Says "find a skill for X" or "is there a skill for X"
  • Asks "can you do X" where X is a specialized capability
  • Expresses interest in extending agent capabilities
  • Wants to search for tools, templates, or workflows
  • Mentions they wish they had help with a specific domain (design, testing, deployment, etc.)

What is the Skills CLI?

The Skills CLI (npx skills) is the package manager for the open agent skills ecosystem. Skills are modular packages that extend agent capabilities with specialized knowledge, workflows, and tools.

Key commands:

  • npx skills find [query] - Search for skills interactively or by keyword
  • npx skills add <package> - Install a skill from GitHub or other sources
  • npx skills check - Check for skill updates
  • npx skills update - Update all installed skills

Browse skills at: https://skills.sh/

How to Help Users Find Skills

Step 1: Understand What They Need

When a user asks for help with something, identify:

  1. The domain (e.g., React, testing, design, deployment)
  2. The specific task (e.g., writing tests, creating animations, reviewing PRs)
  3. Whether this is a common enough task that a skill likely exists

Step 2: Check the Leaderboard First

Before running a CLI search, check the skills.sh leaderboard to see if a well-known skill already exists for the domain. The leaderboard ranks skills by total installs, surfacing the most popular and battle-tested options.

For example, top skills for web development include:

  • vercel-labs/agent-skills — React, Next.js, web design (100K+ installs each)
  • anthropics/skills — Frontend design, document processing (100K+ installs)

Step 3: Search for Skills

If the leaderboard doesn't cover the user's need, run the find command:

npx skills find [query]

For example:

  • User asks "how do I make my React app faster?" → npx skills find react performance
  • User asks "can you help me with PR reviews?" → npx skills find pr review
  • User asks "I need to create a changelog" → npx skills find changelog

Step 4: Verify Quality Before Recommending

Do not recommend a skill based solely on search results. Always verify:

  1. Install count — Prefer skills with 1K+ installs. Be cautious with anything under 100.
  2. Source reputation — Official sources (vercel-labs, anthropics, microsoft) are more trustworthy than unknown authors.
  3. GitHub stars — Check the source repository. A skill from a repo with <100 stars should be treated with skepticism.

Step 5: Present Options to the User

When you find relevant skills, present them to the user with:

  1. The skill name and what it does
  2. The install count and source
  3. The install command they can run
  4. A link to learn more at skills.sh

Example response:

I found a skill that might help! The "react-best-practices" skill provides
React and Next.js performance optimization guidelines from Vercel Engineering.
(185K installs)

To install it:
npx skills add vercel-labs/agent-skills@react-best-practices

Learn more: https://skills.sh/vercel-labs/agent-skills/react-best-practices

Step 6: Offer to Install

If the user wants to proceed, you can install the skill for them:

npx skills add <owner/repo@skill> -g -y

The -g flag installs globally (user-level) and -y skips confirmation prompts.

Common Skill Categories

When searching, consider these common categories:

CategoryExample Queries
Web Developmentreact, nextjs, typescript, css, tailwind
Testingtesting, jest, playwright, e2e
DevOpsdeploy, docker, kubernetes, ci-cd
Documentationdocs, readme, changelog, api-docs
Code Qualityreview, lint, refactor, best-practices
Designui, ux, design-system, accessibility
Productivityworkflow, automation, git

Tips for Effective Searches

  1. Use specific keywords: "react testing" is better than just "testing"
  2. Try alternative terms: If "deploy" doesn't work, try "deployment" or "ci-cd"
  3. Check popular sources: Many skills come from vercel-labs/agent-skills or ComposioHQ/awesome-claude-skills

When No Skills Are Found

If no relevant skills exist:

  1. Acknowledge that no existing skill was found
  2. Offer to help with the task directly using your general capabilities
  3. Suggest the user could create their own skill with npx skills init

Example:

I searched for skills related to "xyz" but didn't find any matches.
I can still help you with this task directly! Would you like me to proceed?

If this is something you do often, you could create your own skill:
npx skills init my-xyz-skill

Comments

Loading comments...