Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill-finder
v1.1.0
Find and evaluate Claude skills for specific use cases using semantic search, Anthropic best practices assessment, and fitness scoring. Use when the user ask...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence

Purpose & Capability
The SKILL.md clearly implements a GitHub-centric search-and-install workflow that depends on the GitHub CLI (gh), jq, base64, date, grep, curl, git clone, npm/pip and other shell tooling. The registry metadata declares no required binaries or credentials. That is incoherent: a tool that calls gh and clones repos should at minimum declare the dependency on gh and the likely need for GitHub authentication (GH_TOKEN/GITHUB_TOKEN). The skill also assumes write access to a .claude/skills directory on disk, which is not reflected in required config paths.
Instruction Scope
SKILL.md instructs the agent to search GitHub, fetch SKILL.md files, clone repositories, download whole skill directories, and — in the 'complex' path — prompt to run remote setup.sh, run npm install and pip install, and execute arbitrary shell scripts from third-party repos. Those actions go well beyond passive evaluation: they fetch and can execute remote code and modify local filesystem state. The instructions do not constrain or require verification of downloaded scripts prior to execution.
Install Mechanism
Although the skill has no formal install spec (instruction-only), the provided installation workflow recommends cloning arbitrary GitHub repos, copying files into the agent's skill directory and running setup scripts and dependency installers. That is a high-risk download-and-execute pattern (clone → run setup.sh / npm / pip) from potentially untrusted sources. The guidance does not require verifying release hosts, checksums, or limiting execution to known/trusted repositories.
Credentials
The skill does not declare required environment variables, but its workflows rely on the GitHub CLI and API which typically require authentication (GH_TOKEN/GITHUB_TOKEN) to avoid rate limits and to access private repos. It also assumes permission to read/write .claude/skills and to run package managers. Requesting no credentials in metadata while instructing operations that commonly require tokens and broad filesystem access is disproportionate and misleading.
Persistence & Privilege
always:false (good). However, the skill's recommended workflow installs third-party skill files into .claude/skills, may overwrite existing installations, and can run setup/install scripts that persist software or change environment state. While that capability is consistent with an installer/evaluator tool, it elevates the blast radius because arbitrary repositories can cause persistent changes if users accept prompts.
What to consider before installing
This skill's description (find/evaluate GitHub skills) matches the code in SKILL.md, but the instructions assume utilities and permissions that are not declared and include downloading and executing third-party setup scripts. Before installing or letting the agent run this skill:
1) Require the skill to declare dependencies (gh, jq, git, curl, etc.) and the need for a GitHub token (GH_TOKEN) with limited scope;
2) Do not allow automatic execution of setup.sh or automated npm/pip installs — inspect downloaded setup scripts and dependency manifests manually in a sandbox first;
3) Prefer a read-only preview mode (fetch and display SKILL.md content) rather than automatic clone+install;
4) If you must install, do it on an isolated machine/container and limit credentials to least-privilege tokens;
5) If the vendor cannot explain why no binaries or env vars are required, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.
latest: vk97dwszea2d4xvz9fvfnjz2w7s8452df
