Skills.sh Search
Security checks across malware telemetry and agentic risk
Overview
The skill appears to do what it says—search the skills.sh registry—but users should review any third-party skill before following the included install commands.
Safe to use for searching the skills.sh registry. Treat install commands as suggestions, not approvals: review any discovered skill and confirm the intended install scope before adding it to Clawdbot.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows the install guidance, they may add third-party skills that can affect future agent behavior.
The skill’s documentation guides users from search results to installing third-party agent skills. This is disclosed and related to discovery, but installing external skills can change the agent environment and should be reviewed.
After finding a skill, install it using the `skills` CLI: ```bash npx skills add vercel-labs/agent-skills ```
Before installing a discovered skill, review its source, SKILL.md, permissions, and install scope; prefer project-scoped installation and ask for explicit user confirmation.