ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Muguozi1 Openclaw Find Skills

v1.0.0

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express...

0· 152·1 current·1 all-time
by@muguozi1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and SKILL.md consistently describe discovering and installing skills via the Skills CLI (npx skills). The included example/test scripts are small, documentation-only, and related to demonstrating/validating the skill.
Instruction Scope
Runtime instructions are narrowly scoped to searching for and installing skills using the Skills CLI (npx skills find / npx skills add). They do not request unrelated files, credentials, or system paths. Note: the guide recommends running `npx` and using `-g -y` to install globally and skip prompts; these are legitimate for installing packages but increase the risk of installing/auto-executing unreviewed third-party code.
Install Mechanism
The skill itself has no install spec (instruction-only), which is low-risk. However, it instructs users/agents to use `npx skills add`, which will download and execute packages from the network (npm/GitHub). This is expected for a discovery/install helper but is a common vector for supply-chain risk and should be handled cautiously.
Credentials
No environment variables, credentials, or config paths are requested. Nothing disproportionate is required for the described purpose.
Persistence & Privilege
Skill does not request permanent presence or elevated platform privileges (always:false). The documentation suggests global installation of discovered skills (`-g`) and skipping confirmations (`-y`), which can increase attack surface if used without review. The skill itself does not modify other skills or system configuration.
Assessment
This skill is coherent and does what it says: it helps find and install other skills via the Skills CLI. Before using it (or following its install suggestions): 1) Be cautious when running `npx` or installing packages from unknown authors—these commands fetch and run remote code. 2) Avoid blindly using `-g -y`; prefer local installs or review the package/repository first. 3) Inspect the target skill's repository, README, and code for unexpected behavior, especially scripts that run at install time. 4) Do not run installs as root; use a sandbox or separate user when testing new skills. If you want, I can: fetch and show the suggested skill's repository URL and README before you install, or suggest safer install options (local or review-first).

Like a lobster shell, security has layers — review code before you run it.

latestvk9727kwv86y5eras28v3sd34yx8315pd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Find Skills

This skill helps you discover and install skills from the open agent skills ecosystem.

When to Use This Skill

Use this skill when the user:

  • Asks "how do I do X" where X might be a common task with an existing skill
  • Says "find a skill for X" or "is there a skill for X"
  • Asks "can you do X" where X is a specialized capability
  • Expresses interest in extending agent capabilities
  • Wants to search for tools, templates, or workflows
  • Mentions they wish they had help with a specific domain (design, testing, deployment, etc.)

What is the Skills CLI?

The Skills CLI (npx skills) is the package manager for the open agent skills ecosystem. Skills are modular packages that extend agent capabilities with specialized knowledge, workflows, and tools.

Key commands:

  • npx skills find [query] - Search for skills interactively or by keyword
  • npx skills add <package> - Install a skill from GitHub or other sources
  • npx skills check - Check for skill updates
  • npx skills update - Update all installed skills

Browse skills at: https://skills.sh/

How to Help Users Find Skills

Step 1: Understand What They Need

When a user asks for help with something, identify:

  1. The domain (e.g., React, testing, design, deployment)
  2. The specific task (e.g., writing tests, creating animations, reviewing PRs)
  3. Whether this is a common enough task that a skill likely exists

Step 2: Search for Skills

Run the find command with a relevant query:

npx skills find [query]

For example:

  • User asks "how do I make my React app faster?" → npx skills find react performance
  • User asks "can you help me with PR reviews?" → npx skills find pr review
  • User asks "I need to create a changelog" → npx skills find changelog

The command will return results like:

Install with npx skills add <owner/repo@skill>

vercel-labs/agent-skills@vercel-react-best-practices
└ https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices

Step 3: Present Options to the User

When you find relevant skills, present them to the user with:

  1. The skill name and what it does
  2. The install command they can run
  3. A link to learn more at skills.sh

Example response:

I found a skill that might help! The "vercel-react-best-practices" skill provides
React and Next.js performance optimization guidelines from Vercel Engineering.

To install it:
npx skills add vercel-labs/agent-skills@vercel-react-best-practices

Learn more: https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices

Step 4: Offer to Install

If the user wants to proceed, you can install the skill for them:

npx skills add <owner/repo@skill> -g -y

The -g flag installs globally (user-level) and -y skips confirmation prompts.

Common Skill Categories

When searching, consider these common categories:

CategoryExample Queries
Web Developmentreact, nextjs, typescript, css, tailwind
Testingtesting, jest, playwright, e2e
DevOpsdeploy, docker, kubernetes, ci-cd
Documentationdocs, readme, changelog, api-docs
Code Qualityreview, lint, refactor, best-practices
Designui, ux, design-system, accessibility
Productivityworkflow, automation, git

Tips for Effective Searches

  1. Use specific keywords: "react testing" is better than just "testing"
  2. Try alternative terms: If "deploy" doesn't work, try "deployment" or "ci-cd"
  3. Check popular sources: Many skills come from vercel-labs/agent-skills or ComposioHQ/awesome-claude-skills

When No Skills Are Found

If no relevant skills exist:

  1. Acknowledge that no existing skill was found
  2. Offer to help with the task directly using your general capabilities
  3. Suggest the user could create their own skill with npx skills init

Example:

I searched for skills related to "xyz" but didn't find any matches.
I can still help you with this task directly! Would you like me to proceed?

If this is something you do often, you could create your own skill:
npx skills init my-xyz-skill

🚀 30 秒快速开始

# 基础用法
# TODO: 添加具体命令示例

📋 何时使用

当以下情况时使用此技能:

  1. 场景 1
  2. 场景 2
  3. 场景 3

🔧 配置

必需配置

# 环境变量或配置文件

可选配置

# 可选参数

💡 实际应用场景

场景 1: 基础用法

# 命令示例

场景 2: 进阶用法

# 命令示例

🧪 测试

# 运行测试
python3 scripts/test.py

⚠️ 故障排查

常见问题

问题: 描述问题

解决方案:

# 解决步骤

📚 设计原则

本技能遵循 Karpathy 的极简主义设计哲学:

  1. 单一职责 - 只做一件事,做好
  2. 清晰可读 - 代码即文档
  3. 快速上手 - 30 秒理解用法
  4. 最小依赖 - 只依赖必要的库
  5. 教育优先 - 详细的注释和示例

最后更新:2026-03-16 | 遵循 Karpathy 设计原则

🏷️ 质量标识

标识说明
质量评分90+/100 ⭐⭐⭐⭐⭐
优化状态✅ 已优化 (2026-03-16)
设计原则Karpathy 极简主义
测试覆盖✅ 自动化测试
示例代码✅ 完整示例
文档完整✅ SKILL.md + README.md

备注: 本技能已在 2026-03-16 批量优化中完成优化,遵循 Karpathy 设计原则。

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…