Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Find Skills

v0.1.0

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express...

0 · 41 · 0 current · 0 all-time

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to discover and install other skills and its instructions only reference the Skills CLI (npx skills find/add/etc.), which is coherent with that purpose. Minor metadata inconsistencies exist: the registry owner ID at the top of the package differs from _meta.json.ownerId and the package.json author—this could be an innocuous packaging error but is worth checking.
Instruction Scope
SKILL.md confines actions to running the Skills CLI (npx skills find/add/check/update) and presenting search results. It does not request reading unrelated files or environment variables. However, it explicitly recommends installing discovered skills with 'npx skills add <pkg> -g -y', which performs global installs and suppresses confirmation prompts; that step can cause the agent to install third-party code without explicit user consent if executed autonomously.
Install Mechanism
This is an instruction-only skill with no install spec, so nothing is written by the skill itself. The approach relies on npx to fetch remote skill packages at install time. Using npx/skills to pull arbitrary packages from the network is expected for this use case, but it means trust is placed in the remote package sources; the SKILL.md's guidance to use global installs (-g) increases the impact of any malicious package.
Credentials
The skill declares no required environment variables, binaries, or config paths. The SKILL.md does not instruct reading any secrets or unrelated environment state, so requested access is proportionate.
Persistence & Privilege
The skill is not always-included (always:false). Model invocation is allowed (default), which is normal. The primary concern is procedural: the instructions encourage global, non-interactive installs (-g -y). Combined with autonomous invocation, that could let an agent install third-party packages without an additional explicit user confirmation.
What to consider before installing
This skill appears to do what it says: search the skills registry and show install commands. Before installing anything, especially if you let the agent act autonomously, do these things: (1) Verify the package owner and source on the skills.sh page or the GitHub repo; (2) Do not allow automatic global installs (-g -y) without your explicit approval — prefer a local or per-project install or run the install command yourself; (3) Double-check the metadata mismatch (owner IDs/authors) shown in the package — ask the publisher to confirm identity if you plan to install; (4) If you want more safety, ask the agent to only show install commands and wait for your explicit 'yes' before running them. These steps reduce the risk of unintentionally installing untrusted third-party code.
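The checks in steps (2) and (3) above can be scripted so that an agent, or the user, runs them before any install command. The following is an added example, not code from ClawHub, OpenClaw or the Skills CLI: it compares the three owner identities the scan mentions (registry owner ID, _meta.json.ownerId, package.json author) and strips the -g and -y flags from an "npx skills add" command so the install stays local and interactive. The file layout (_meta.json and package.json at the package root) is taken from the scan text; the sample package contents, the owner names and the package name "example-skill" are constructed for the demo.

```python
"""Pre-install gate for an agent skill package (added example, not project code)."""
import json
import re
import shlex
import tempfile
from pathlib import Path

# The flags the scan calls out: -g installs globally, -y suppresses prompts.
UNSAFE_FLAGS = {"-g", "-y"}
SHORT_FLAG_BUNDLE = re.compile(r"^-[A-Za-z]{2,}$")  # e.g. "-gy"


def sanitize_install_cmd(cmd: str) -> str:
    """Return cmd with -g/-y removed, also when bundled as -gy or -yg."""
    kept = []
    for tok in shlex.split(cmd):
        if SHORT_FLAG_BUNDLE.match(tok):
            # Split "-gy" into "-g", "-y" so bundled flags cannot slip past the filter.
            flags = ["-" + c for c in tok[1:]]
            kept.extend(f for f in flags if f not in UNSAFE_FLAGS)
        elif tok not in UNSAFE_FLAGS:
            kept.append(tok)
    return " ".join(shlex.quote(t) for t in kept)


def _author_name(author):
    """package.json allows author as a string or as {"name": ..., "email": ...}."""
    if isinstance(author, dict):
        return author.get("name")
    return author


def load_identities(pkg_dir: Path) -> dict:
    """Read the two in-package identities the scan compares with the registry owner."""
    meta = json.loads((pkg_dir / "_meta.json").read_text())
    pkg = json.loads((pkg_dir / "package.json").read_text())
    return {
        "meta_owner": meta.get("ownerId"),
        "package_author": _author_name(pkg.get("author")),
    }


def check_identities(registry_owner, meta_owner, package_author) -> list:
    """Return [] when all three identities are present and equal, otherwise every
    labelled value so the reviewer can see which one disagrees.

    Caveat: these fields are not guaranteed to share one namespace (an ID versus a
    display name), so a mismatch means "ask the publisher", not "malicious".
    """
    ids = {
        "registry_owner": registry_owner,
        "meta_owner": meta_owner,
        "package_author": package_author,
    }
    if all(ids.values()) and len(set(ids.values())) == 1:
        return []
    return [f"{k}={v!r}" for k, v in ids.items()]


def write_sample_package(root: Path, owner_id: str, author) -> Path:
    """Write a minimal constructed package (not a real ClawHub artifact)."""
    root.mkdir(parents=True, exist_ok=True)
    (root / "_meta.json").write_text(json.dumps({"ownerId": owner_id}))
    (root / "package.json").write_text(
        json.dumps({"name": "example-skill", "author": author})  # constructed sample
    )
    return root


def run_demo() -> dict:
    """Gate one consistent and one inconsistent constructed package."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        consistent = write_sample_package(Path(tmp) / "ok", "alice", "alice")
        mismatched = write_sample_package(Path(tmp) / "bad", "alice", {"name": "bob"})
        for label, pkg_dir in (("consistent", consistent), ("mismatched", mismatched)):
            ids = load_identities(pkg_dir)
            results[label] = check_identities("alice", ids["meta_owner"], ids["package_author"])
    # The command the scan warns about, with the global/non-interactive flags removed.
    results["install_cmd"] = sanitize_install_cmd("npx skills add example-skill -g -y")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
    print("Review the identities and run the sanitized command yourself; nothing was installed.")
```

The script never executes the install command itself: it prints the sanitized form so the user runs it after confirming the owner, which is the behaviour step (4) asks for from an agent. A non-empty result from check_identities is a prompt to contact the publisher, not a verdict.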


latest: vk979pvjwttjsaxybvz7s4wdens83pdyn
