Skill v1.1.0
ClawScan security
Gh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 4:29 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper around the GitHub CLI (gh) and its requested actions and scope match its stated purpose, with only a minor omission (it doesn't declare 'gh' as a required binary).
- Guidance: This skill is a set of instructions for using the GitHub CLI and appears to do what it says. Before installing: ensure you have the gh CLI installed and authenticated (the skill does not declare this dependency); review and approve any destructive commands (delete, force-push, repo creation with the wrong visibility), and be aware that running the skill will use your existing gh credentials (it can act with whatever GitHub permissions your gh auth has). Because this is instruction-only (no code to audit), make sure the agent will only run the specific commands you intend and avoid granting it broad autonomous rights if you are uncomfortable with it acting on your repos without manual approval.
- Findings
[no_code_to_scan] expected: The regex-based scanner had no files to analyze because this is an instruction-only skill (only SKILL.md). That is expected for a CLI usage guide; absence of findings is not proof of safety but is consistent with the skill type.
Review Dimensions
- Purpose & Capability (note): The name and description match the instructions: the SKILL.md contains gh CLI commands for repo, PR, issue, and release workflows. Minor inconsistency: the skill does not declare the 'gh' binary under required binaries even though all runtime instructions assume the GitHub CLI is present.
- Instruction Scope (ok): Instructions are narrowly scoped to running gh commands (auth status, repo create/clone/fork, issues, PRs, releases, etc.). They do not instruct the agent to read unrelated files, access unrelated environment variables, or send data to external endpoints other than GitHub. The doc notes using --source . which legitimately reads local repo state when operating in a repository.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by the skill itself (lowest install risk).
- Credentials (note): No env vars or credentials are declared, which is proportionate to the described purpose; however, the skill implicitly relies on the user's existing gh authentication (gh stores credentials/config in the host environment). The SKILL.md does not explain installation or auth setup (the header links to an external 'Complete setup guide').
- Persistence & Privilege (ok): always is false and the skill does not request persistent/system-wide privileges. Model invocation is allowed (default), which is normal for skills; there is no evidence the skill modifies other skills or system configs.
