skill-registry-unified

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches a registry/router purpose, but its remote-search path runs an undeclared npx command and treats uninstalled remote skills as safe without real vetting.

Review carefully before installing. Verify the clawdhub/npx dependency source, do not rely on the built-in vetSkill check as a real security scan, and inspect REGISTRY.md after use because the skill can rewrite local routing state.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1: undeclared npx command in the remote-search path

What this means

A remote or locally resolved CLI package could execute with the user’s local account permissions before the user approves any skill installation.

Why it was flagged

On a local miss, the skill runs an npx-based CLI search. Because the metadata declares no required binary or install spec, the provenance of that package is unclear, and unpinned external package code may run during normal use.

Skill content

    // On a local miss: runs the clawdhub CLI through npx; the CLI is not declared as a dependency
    const p = spawn('npx', ['clawdhub', 'search', s, '--limit', '3'],
                    { timeout: 30000, stdio: ['pipe', 'pipe', 'pipe'] });

Recommendation

Declare and pin the ClawHub CLI dependency, verify its source, and require explicit user approval before first running any npx-based command.

Finding 2: uninstalled remote skills treated as safe without vetting

What this means

Users may believe a remote skill has been safety-checked when in fact the included vetting code passed it without any inspection.

Why it was flagged

Remote skills will normally not exist locally before installation, so the vetting function returns true without scanning them. This undercuts the advertised safety-scan step before installation.

Skill content

    // A skill that is not installed locally is reported as safe without being scanned
    if (!fs.existsSync(skillPath)) return true;
    ...
    const safe = await vetSkill(remote);
    return safe ? { type: 'toInstall', skill: remote } : { type: 'blocked' };

Recommendation

Fail closed for uninstalled remote skills until a real vetter or signed ClawHub scan result is available, and clearly label unscanned results as unverified.

Finding 3: installed skill metadata can rewrite local routing state

What this means

An installed skill with misleading triggers could affect which skill is selected in later sessions.

Why it was flagged

The script builds a persistent routing registry from all installed skills and overwrites REGISTRY.md, so inaccurate or malicious skill metadata could influence future routing decisions.

Skill content

    const SKILLS_DIR = path.resolve(__dirname, '../../skills');
    const REGISTRY_PATH = path.resolve(__dirname, '../../REGISTRY.md');
    ...
    // Overwrites REGISTRY.md with a registry built from every installed skill's metadata
    fs.writeFileSync(REGISTRY_PATH, generateRegistry(skills));

Recommendation

Review generated registry entries, keep backups if needed, and regenerate the registry only from trusted installed skills.