Skills
skills/stvlynn/qclaw-skills/find-skills/Gen Agent Trust Hub

find-skills

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands via the npx skills CLI to manage the agent skill ecosystem.
  • [EXTERNAL_DOWNLOADS]: It downloads the skills package from the npm registry and references remote code and guidelines from external sources, including Vercel Labs' GitHub repositories.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute remote code from arbitrary GitHub repositories using the npx skills add command. It explicitly recommends the -y flag to skip confirmation prompts, allowing for the silent installation of unverified software.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 04:45 PM