Skill Picker
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: skill-picker Version: 1.0.3 The skill-picker bundle is a discovery tool designed to help users find relevant OpenClaw skills based on intent. It uses the `npx skills find` command for searching and provides explicit instructions to the agent to never execute installation commands (`npx skills add`) autonomously, ensuring user confirmation is always required. The logic is transparent, lacks obfuscation, and aligns with its stated purpose of intent-based skill recommendation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may search the skills registry on your behalf using your task description or intent as the query.
The skill authorizes the agent to run a local CLI command autonomously, but only for skill-registry search, which is central to the stated purpose.
This is the ONLY npx command this skill executes autonomously npx skills find [intent-based query]
Install only if you are comfortable with the agent running registry search commands; review proposed install commands before approving or running them.
Skill discovery depends on the external skills CLI being trustworthy and available.
The skill relies on npx for its runtime behavior, while the provided registry requirements list no required binaries and no install spec. This is disclosed and purpose-aligned, but users should recognize the external CLI dependency.
tools: - npx binaries: - npx
Confirm that the skills CLI/source is trusted in your environment, and avoid approving installation of recommended skills without reviewing them.