find-skills
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its primary function of searching third-party registries (skills.sh, clawhub.ai, and GitHub) using standard system utilities like curl and jq. All network operations target legitimate service endpoints related to the skill's purpose.
- [SAFE]: The included find.sh script features a security scanner that uses grep to identify potentially risky patterns (such as curl-to-bash or credential access) in the metadata of discovered skills. This is a defensive mechanism that inspects text content without executing it.
- [SAFE]: Filesystem access is limited to reading the names of subdirectories within standard skill installation paths (~/.agents/skills and ~/.claude/skills) to identify which skills are already present on the user's system.
- [SAFE]: The skill instructions provide a comprehensive security and decision rubric for the agent, encouraging manual review of third-party code and warning against recommending skills with high-risk markers.