Agent Marketplace
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent as a marketplace, but its installer can write registry-provided remote code or downloads without visible integrity checks, which makes installs risky.
Review this skill before installing or using it to install other skills. Its marketplace functions are expected, but remote skill packages should be treated like executable supply-chain inputs: use trusted registries only, require HTTPS and integrity verification, inspect dependencies, and periodically clear or protect the local cache.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised registry entry or insecure download URL could cause the marketplace to install tampered or malicious skill code.
The installer trusts registry-provided download URLs or embedded code and writes them locally, while allowing HTTP and showing no visible hash, signature, origin, or package verification.
const url = skill.downloadUrl; const client = url.startsWith('https:') ? https : http; ... fs.writeFileSync(targetDir, data); ... fs.writeFileSync(path.join(targetDir, 'index.js'), skill.code)Only install from trusted registries, prefer HTTPS-only sources, and require package signatures or pinned hashes plus a clear install preview before writing skill code.
Installing a skill may also pull in dependencies or change local skill state, so mistakes could affect future agent behavior.
The documented workflow includes one-click installation and automatic dependency resolution, which is purpose-aligned for a marketplace but can modify the user's local skill environment.
- 一键安装 - 依赖自动解析 - 冲突检测 - 回滚支持
Review the install plan, dependencies, target directory, and conflict results before approving installs; avoid force options unless you understand the impact.
Local preference files may reveal which skills a user searched, viewed, installed, or rated, and stored preferences can influence future recommendations.
The recommendation engine stores per-user interaction history and reuses it for personalization.
this.userPrefsPath = path.join(this.dataDir, 'user-preferences.json'); ... installed: [], searched: [], viewed: [], rated: [] ... this._saveUserPreferences();
Treat the cache directory as private, clear it when needed, and avoid storing sensitive identifiers as user IDs.