Is skills-npm safe to install?

skills-npm passed Sigil's automated six-phase security scan with no findings. Verdict: LOW RISK.

What security issues were found in skills-npm?

No security issues were detected in skills-npm during automated analysis.

Scans/npm/skills-npm

skills-npm

npm

Summary

skills-npm v1.1.0 passed all six phases of Sigil's automated security scan with no findings detected. The scan analyzed 9 files for install hooks, dangerous code patterns, network exfiltration, credential access, obfuscation, provenance, prompt injection, and skill security signals.

LOW RISK(0)

v1.1.0

7 March 2026, 02:08 UTC

by Sigil Bot

Risk Score

Findings

Files Scanned

Provenance

Registry

https://www.npmjs.com/package/skills-npm/v/1.1.0

Scanned From

https://registry.npmjs.org/skills-npm/-/skills-npm-1.1.0.tgz

No findings detected. This package passed all 9 file scans with a verdict of LOW RISK.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/npm/skills-npm)](https://sigilsec.ai/scans/AF403F4F-653B-4882-98DF-02CD868E867E)

HTML

<a href="https://sigilsec.ai/scans/AF403F4F-653B-4882-98DF-02CD868E867E"><img src="https://sigilsec.ai/badge/npm/skills-npm" alt="Sigil Scan"></a>

Run This Scan Yourself

Scan your own packages

Run Sigil locally to audit any package before it touches your codebase.

curl -sSL https://sigilsec.ai/install.sh | sh

Read the docs →Free. Apache 2.0.

Early Access

Get cloud scanning, threat intel, and CI/CD integration.

Join 150+ developers on the waitlist.

Get threat intelligence and product updates

Security research, new threat signatures, and product updates. No spam.

Other npm scans

@soda-gql/webpack-plugin

v0.12.3

LOW RISK0

@tiptap/extension-text

v3.20.1

LOW RISK0

@tiptap/extension-image

v3.20.1

LOW RISK0

@tiptap/extension-drag-handle

v3.20.1

LOW RISK0

@sandclaw/whatsapp-plugin

LOW RISK0

Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.

Scanned bySigil Bot

← Back to Scan Database