Auto Skill Hunter
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill openly aims to improve the agent by installing other skills, but it can read recent chats/profile data, fetch remote skills, and run newly installed code without a clear approval or sandbox boundary.
Treat this as a powerful agent-modification tool, not a simple search helper. If you install it, run `--dry-run` first, review each proposed skill and source manually, avoid cron auto-install mode, sandbox self-tests, and disable outbound reporting or query sharing unless you are comfortable with the data being sent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill in auto mode could add new capabilities or behaviors to the agent before the user has reviewed each selected skill.
The skill is intended to perform automatic installation and validation of other skills, which can materially change the agent's behavior without an explicit per-install approval step.
Full automatic patrol ... node skills/skill-hunter/src/hunt.js --auto ... Install top candidates with a runnable entry and self-test fallback.
Make dry-run the default, require explicit approval for each install, and show the exact skill, source, permissions, and self-test command before making changes.
A low-quality or malicious upstream skill could be installed into the agent's skill directory and treated as a normal capability.
The skill can introduce remote or generated skill packages into the local agent environment, but the artifacts do not show provenance pinning, signatures, allowlists, or manual review gates.
Clones from upstream when repo URL is available. Falls back to scaffold mode if clone fails. Ensures `SKILL.md` + runnable `index.js` self-test path.
Only install from trusted owners, pin versions or commits, verify manifests and permissions before install, and avoid fallback scaffolding unless the user explicitly approves it.
A newly installed skill could execute arbitrary local code during validation, not only when the user later invokes it.
The code executes a skill's runnable entry via a shell command for self-testing. If the entry belongs to a newly fetched skill, the self-test can run unreviewed code.
execSync(`node "${indexPath}" --self-test`, {Run self-tests in a sandbox with restricted filesystem/network access, or require user confirmation before executing any newly installed code.
Private task details from recent chats may influence remote search queries, and misleading or malicious session content could steer the agent toward installing inappropriate skills.
The skill mines recent conversation context and uses it to drive external searches and installation decisions, but the artifacts do not describe redaction, preview, retention, or poisoning protections.
Extract unresolved problems and topic signals from recent chat/session memory. Search ClawHub with trending feeds and query endpoints.
Preview and approve extracted queries before network use, redact sensitive details, limit which sessions are read, and do not treat prior chat text as authoritative installation instructions.
If scheduled, the skill could continue adding or testing skills long after the original user task, increasing drift and review burden.
The documentation recommends recurring autonomous execution that can keep modifying the skill stack over time.
For continuous value, run Auto Skill Hunter on a timer ... */30 * * * * node /path/to/workspace/skills/skill-hunter/src/hunt.js --auto --max-install 1
Do not schedule automatic install mode unless there is monitoring, audit logging, a stop mechanism, and a policy requiring review of each proposed skill.