Skill discovery engine for AI coding agents. Recommends and installs the right skill when you need it — code review, test generation, debugging, commit messa...
Security Analysis
medium confidenceUndertow's instructions and requirements are largely coherent for a skill-discovery helper, but it delegates installation to an external CLI (clawhub) and makes trust assumptions about what that installer will write — you should verify clawhub's behavior and inspect any installed SKILL.md before use.
Name/description (skill discovery + recommending/installing developer skills) align with what the SKILL.md does: it reads a local index, checks ~/.cursor/skills/, matches intents, and runs 'clawhub install' when the user consents. The required binary 'clawhub' is reasonable and expected for the stated purpose.
Runtime instructions are narrowly scoped: read index.json in the skill directory, list ~/.cursor/skills/*/SKILL.md to see installed skills, match intents, and ask the user before running 'clawhub install'. The SKILL.md explicitly states it will not read other env vars or files. However, Undertow's security guarantees rely on external behavior (that clawhub only writes markdown and that newly installed SKILL.md are safe), which is an assumption rather than an enforced constraint.
This is an instruction-only skill (no on-disk install). That is low intrinsic risk. But actual installs are delegated to the external 'clawhub' CLI, which will perform network operations and write files into ~/.cursor/skills/. Undertow asserts clawhub only writes SKILL.md (no binaries), but this is a trust assumption about an external tool not enforced in the instructions.
No environment variables or credentials are requested. The only filesystem access is to ~/.cursor/skills/ to enumerate installed skills, which is proportionate to the purpose of checking what skills are already installed.
The skill does not request always:true or other elevated platform privileges. It neither modifies other skills' configs nor claims to persist beyond in-memory indexing of the bundled index.json. User consent is required before installs and before invoking newly installed skills.
Guidance
Undertow is generally coherent for discovering and recommending skills, but it relies on the external 'clawhub' CLI to fetch and place SKILL.md files into ~/.cursor/skills/. Before installing: (1) verify the clawhub binary is from a trusted source and understand what 'clawhub install' actually writes; (2) when asked to install a skill, inspect the installed ~/.cursor/skills/{id}/SKILL.md yourself before consenting to have the agent run it; (3) be cautious about 'rising' or autonomous-type skills (e.g., ones that claim to act autonomously across repos) — even with double confirmation they can contain instructions that request broad actions; (4) if you cannot verify clawhub's behavior, prefer manual installation or decline installs that you don't want the agent to handle. If you want higher assurance, ask for the exact clawhub install command output or a description of how clawhub sources and sanitizes skill packages.
Latest Release
v0.2.1
- Updated required command-line dependency from git to clawhub in the skill metadata. - No changes to skill logic or behavior.
More by @8co
Published by @8co on ClawHub
