Skill Picker
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on finding and recommending skills, with disclosed use of an npx search command and explicit limits against autonomous installs.
This appears safe to use for discovering skills, but treat its recommendations as suggestions. Review any skill it recommends before installing, and only run or approve npx skills add commands when you intentionally want to change your agent’s installed skills.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may search the skills registry on your behalf using your task description or intent as the query.
The skill authorizes the agent to run a local CLI command autonomously, but only for skill-registry search, which is central to the stated purpose.
This is the ONLY npx command this skill executes autonomously npx skills find [intent-based query]
Install only if you are comfortable with the agent running registry search commands; review proposed install commands before approving or running them.
Skill discovery depends on the external skills CLI being trustworthy and available.
The skill relies on npx for its runtime behavior, while the provided registry requirements list no required binaries and no install spec. This is disclosed and purpose-aligned, but users should recognize the external CLI dependency.
tools: - npx binaries: - npx
Confirm that the skills CLI/source is trusted in your environment, and avoid approving installation of recommended skills without reviewing them.