Find Skills Tianjin
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: find-skills-tianjin Version: 0.1.1 The 'find-skills' skill (slug: find-skills-tianjin) is a utility designed to help users discover and install additional agent capabilities via the 'npx skills' CLI and the skills.sh ecosystem. It provides clear instructions for the agent to search for skills using 'npx skills find' and install them using 'npx skills add' with user consent. While it utilizes powerful CLI flags (e.g., -g -y for global, non-interactive installation), these are used within the context of its stated purpose as a package manager interface. No evidence of malicious intent, data exfiltration, or unauthorized background execution was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could end up with a third-party skill installed globally, changing future agent behavior, without seeing the normal package-manager confirmation step.
This is a high-impact tool action because it installs a new agent skill globally and bypasses the CLI's confirmation prompts. Although installation is purpose-aligned, the default workflow lacks a clear guardrail requiring source review or exact-package confirmation before the agent runs it.
npx skills add <owner/repo@skill> -g -y The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.
Require explicit user confirmation of the exact package and publisher before installation, avoid `-y` by default, and prefer scoped or reversible installs when possible.
Installing a skill from an untrusted or mistaken source could introduce unsafe instructions or tools into the agent environment.
The skill explicitly installs packages from external sources. This is expected for a skill-finder, but users should treat the selected package source as part of the trust decision.
`npx skills add <package>` - Install a skill from GitHub or other sources
Review the skill page, publisher, repository, and requested capabilities before installing any result.