skill-search-optimizer
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the agent to execute
npx molthub@latest, a command that downloads and runs a package from the NPM registry that is not associated with a known trusted organization or vendor. - [COMMAND_EXECUTION]: The skill provides numerous command-line examples using the
molthubCLI tool for searching, publishing, and installing skills, which requires shell access and execution of external binaries. - [DATA_EXFILTRATION]: The skill references external endpoints
clawhub.aiandclawdhub.comfor search and API operations. These domains are not whitelisted, and the naming discrepancy between the two may indicate a risk of connecting to unverified sources.
Audit Metadata