This skill facilitates silent installation of arbitrary external skills
Claims to do
Find Skills: This skill helps you discover and install skills from the open agent skills ecosystem.
Actually does
The skill provides instructions and examples for using the `npx skills` command-line interface to search for (`npx skills find`) and install (`npx skills add`) agent skills. It also directs users to `https://skills.sh/` for browsing and verifying skill quality, and suggests commands like `npx skills init` for creating new skills.
npx skills add https://github.com/vercel-labs/skills
The skill instructs the agent to install external packages from potentially untrusted sources using `npx skills add`. This capability, especially with global installation (`-g`), allows for arbitrary code execution if a malicious skill is installed.
npx skills add <owner/repo@skill> -g -y
The skill encourages installing packages from GitHub or 'other sources,' creating a supply chain risk where malicious or compromised skills could be introduced into the agent's environment, despite advice for quality checks.
npx skills add <package> - Install a skill from GitHub or other sources
By facilitating silent installation of arbitrary skills that then extend agent capabilities, this skill creates a pathway for attacker-controlled skills to be loaded into the agent environment. Installed skills could themselves spawn additional agents or modify agent behavior.
Skills are modular packages that extend agent capabilities with specialized knowledge, workflows, and tools.
npx skills add <owner/repo@skill> -g -y
When the agent runs 'npx skills find [query]' based on user context, it may leak information about the user's technology stack, project domain, and capabilities to an external service (skills.sh registry).
npx skills find [query]
User asks 'how do I make my React app faster?' → npx skills find react performance
User asks 'can you help me with PR reviews?' → npx skills find pr review
The `-y` flag in the `npx skills add` command instructs the agent to skip confirmation prompts during skill installation, reducing human oversight and increasing the risk of unintended or malicious installations.
npx skills add <owner/repo@skill> -g -y
The agent is instructed to offer to install skills and then use a command that skips confirmation, potentially leading to human approval fatigue if the user is not vigilant about what they approve.
If the user wants to proceed, you can install the skill for them: npx skills add <owner/repo@skill> -g -y
The skill instructs the agent to offer to install packages globally (-g flag) on behalf of the user, and then proceed to do so. The workflow normalizes bypassing explicit per-install user confirmation, training users to accept agent-initiated installations.
### Step 6: Offer to Install
If the user wants to proceed, you can install the skill for them:
```bash
npx skills add <owner/repo@skill> -g -y
```
The skill instructs the agent to fetch and process data from an external registry (skills.sh leaderboard and search results) and incorporate it into responses. Malicious actors controlling skill metadata on skills.sh could embed prompt injection payloads that the agent would process as instructions.
Before running a CLI search, check the [skills.sh leaderboard](https://skills.sh/) to see if a well-known skill already exists
If the leaderboard doesn't cover the user's need, run the find command:
npx skills find [query]
This skill acts as a gateway for installing other skills. A malicious skill installed through this mechanism could then manipulate the agent's RAG or knowledge base, affecting future reasoning and decision-making.
The entire purpose of the skill is to find and install other skills.
The skill hardcodes specific organizations (vercel-labs, anthropics, microsoft) as inherently trustworthy, which could be exploited if those namespaces are compromised or typosquatted. It also biases the agent toward recommending specific packages, potentially as a form of promotion.
**Source reputation** — Official sources (`vercel-labs`, `anthropics`, `microsoft`) are more trustworthy than unknown authors.
For example, top skills for web development include:
- `vercel-labs/agent-skills` — React, Next.js, web design (100K+ installs each)
- `anthropics/skills` — Frontend design, document processing (100K+ installs)
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.