find-skills
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'npx clawhub' command to execute searches and browse skill categories. This is a vendor-provided tool relevant to the skill's primary purpose.
- [EXTERNAL_DOWNLOADS]: The skill references several external websites and marketplaces for skill discovery, such as clawhub.com, openclawdirectory.dev, and lobehub.com.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes and displays external skill metadata (names and descriptions) that could be controlled by third parties.
  1. Ingestion points: Output from search commands and external web directories.
  2. Boundary markers: No specific markers are used to delimit external data.
  3. Capability inventory: The skill performs information retrieval and display with no direct high-privilege operations.
  4. Sanitization: No explicit sanitization of ingested metadata is mentioned.