Scan Report
0 /100
find-skills
Helps users discover and install agent skills from the open agent skills ecosystem
This skill is a pure documentation-only package with no executable code. It helps users discover and install agent skills by running documented npx commands. All behavior is accurately declared in SKILL.md.
Safe to install
No action required. This is a safe, documentation-only skill.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access found |
| Network | NONE | READ | ✓ Aligned | SKILL.md documents npx CLI tool (allowed) |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:44-45 documents 'npx skills find' and 'npx skills add' commands |
| Environment | NONE | NONE | — | No environment access found |
| Skill Invoke | NONE | NONE | — | No skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser access found |
| Database | NONE | NONE | — | No database access found |
2 findings
Medium External URL 外部 URL
https://skills.sh/ SKILL.md:33 Medium External URL 外部 URL
https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices SKILL.md:65 File Tree
2 files · 4.7 KB · 139 lines Markdown 1f · 134L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No executable code - skill is documentation-only (SKILL.md only)
✓ All shell commands explicitly documented in SKILL.md
✓ No obfuscated code, base64 payloads, or hidden functionality
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or C2 communications
✓ No supply chain risks (no dependencies)
✓ Documentation accurately describes all behavior
✓ External URLs (skills.sh) are documented and expected for skill discovery