skillme Security Report — Trusted | ClawSafe

5 /100

skillme

Use when user asks to find, search, add, or install skills, or discover agent capabilities. Searches ClawHub and skills.sh simultaneously and can auto-convert skills.sh results into OpenClaw-compatible format.

Skill discovery and conversion tool with fully documented behavior; all network fetches target known GitHub URLs, file writes are scoped to user-specified output paths, and shell usage is explicitly shown in SKILL.md.

Skill Nameskillme

Duration33.7s

Enginepi

✓

Safe to install

No action needed. If policy requires declared capabilities in frontmatter, add a capability declaration to SKILL.md for future hardening.

Findings 1 items

Severity	Finding	Location
Info	Missing capability frontmatter Doc Mismatch SKILL.md does not declare shell, network, or filesystem capabilities in its YAML frontmatter. All operations are however explicitly documented in the body text. `--- (no capability fields present)` → Add 'allowed-tools' field to frontmatter listing Bash and Read/Write tools, e.g. '# allowed-tools: Bash, Read, Write'	`SKILL.md:1`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✓ Aligned	SKILL.md lines 12-20 show exec clawhub/npx commands
Network	`NONE`	`READ`	✓ Aligned	SKILL.md lines 54-60 describe URL fetching; scripts/convert_skillssh.py:fetch_ur…
Filesystem	`NONE`	`WRITE`	✓ Aligned	SKILL.md line 64 shows python convert script with --output flag; scripts/convert…

4 findings

🔗

Medium External URL 外部 URL

https://skills.sh/vercel-labs/agent-skills/react-best-practices

SKILL.md:52

🔗

Medium External URL 外部 URL

https://skills.sh/owner/repo/skill

scripts/convert_skillssh.py:10

🔗

Medium External URL 外部 URL

https://skills.sh/

scripts/convert_skillssh.py:46

🔗

Medium External URL 外部 URL

https://skills.sh/owner/repo/skill\n

scripts/convert_skillssh.py:90

File Tree

2 files · 14.1 KB · 418 lines

Python 1f · 272L Markdown 1f · 146L

├─ ▾ 📁 scripts

│ └─ 🐍 convert_skillssh.py Python 272L · 9.3 KB

└─ 📝 SKILL.md Markdown 146L · 4.8 KB

Security Positives

✓ All network requests target explicit GitHub URLs (raw.githubusercontent.com, raw.githubusercontent.com) — no arbitrary IP or C2

✓ File writes are scoped to user-supplied --output path — no unconditional writes to sensitive locations

✓ No obfuscation: script is readable Python with clear function names

✓ No credential harvesting or environment variable iteration

✓ No base64-encoded payloads, no eval(), no subprocess.Popen with shell=True from untrusted input

✓ URL fetching uses Python stdlib urllib — no third-party HTTP libraries that could exfiltrate data

✓ Input parsing uses safe argument parser with no shell=True risk

✓ The alternate-URL fallback in try_alternate_urls() only probes GitHub-owned domains

Scan Report

Findings 1 items

File Tree

Security Positives