v1.0.0

NPM Search

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:50 AM.

Analysis

This appears to be a simple npm package search helper, but it relies on external command-line components whose source is not specified.

Guidance: This skill is reasonable for npm package search, but before installing or using it, make sure jq and npm-search-mcp-server are already installed from trusted sources and that any local scripts/npmsearch wrapper is the one you expect.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; Required binaries (all must exist): jq, npm-search-mcp-server

The skill depends on external binaries, including an MCP server binary, but the artifacts do not provide an install source or homepage. This is purpose-aligned for a CLI search wrapper, but users should verify the dependency source before use.

User impact: If the required npm-search-mcp-server binary is installed from an untrusted source, the skill would run that local component when searching packages.
Recommendation: Install the required binaries only from trusted, verifiable sources and confirm that scripts/npmsearch, if used, is the expected local wrapper.