GitHub Automation Pro
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad GitHub token could let the skill modify repositories, issues, pull request metadata, or releases according to the token's permissions.
The skill requires a GitHub token and can enable all repository automation features, but the registry metadata declares no primary credential or environment variable requirement and the docs do not specify minimum token scopes.
.setGitHubToken('ghp_your_token_here')
.setDefaultOwner('your-org')
.setDefaultRepo('your-repo')
.enableAllFeatures()
Use a fine-grained GitHub token limited to specific repositories and actions, and require the skill metadata and docs to declare the credential and minimum scopes clearly.
If invoked incorrectly, the skill could post issues, change issue state or labels, or publish releases in a repository.
The documented actions include creating and updating GitHub content and creating releases; these are purpose-aligned but high-impact mutations, and the artifacts do not define a confirmation or approval step.
Create Issue (supports labels, assignees) ... Update Issue (title, body, state, labels) ... Create Release
Require explicit user confirmation for write actions, especially release creation, and bind each run to a user-approved owner/repo and action.
Installing the package may pull in more third-party code than expected for a GitHub API helper, and obfuscation makes it difficult to verify what will run with the GitHub token.
Octokit fits the GitHub purpose, but Supabase, node-fetch, and Puppeteer are not explained by the documentation, versions are range-pinned with carets, and the package declares obfuscation, making credential-handling behavior harder to audit.
"dependencies": { "@octokit/rest": "^20.0.2", "@supabase/supabase-js": "^2.95.3", "node-fetch": "^3.3.2", "puppeteer": "^24.37.2" }, ... "obfuscation": true
Remove or justify unrelated dependencies, pin versions or provide a lockfile, publish readable source, and ensure the packaged entrypoint matches the reviewed files.
Users may overtrust the token handling and install the skill without realizing the code is difficult to audit and the token is necessarily used for remote GitHub API calls.
The documentation makes strong safety claims, including memory encryption and that the token never leaves the local environment, while the provided implementation shows token-based GitHub API use and obfuscated code rather than clear evidence supporting those claims.
- The token never leaves the local environment - All API calls use HTTPS - Sensitive data is encrypted in memory **Note**: the core code has been obfuscated
Replace broad safety claims with precise documentation of where the token is sent, how it is stored, and what protections are actually implemented.
