Skill v1.0.0
ClawScan security
GitHub 项目分析助手 (GitHub project analysis assistant) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 8:14 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match the stated GitHub-analysis purpose, but it reads an undeclared GITHUB_TOKEN environment variable and writes downloaded repos to your ~/Downloads folder — an inconsistency that should be clarified before installing.
- Guidance: The skill appears to do what it says (search GitHub, analyze repos, download zips). Before installing: 1) The developer/source is unknown and there is no homepage, so consider whether you trust the author. 2) The scripts will use GITHUB_TOKEN if present, but the skill metadata does not declare it; if you provide a token, prefer one with minimal scopes (a public read-only token is enough) and do not expose a token with broad privileges. 3) Downloads are saved to ~/Downloads/github-analyzer/ and will store arbitrary repository code; consider running the downloads in an isolated environment if you are concerned. 4) Ask the publisher to add GITHUB_TOKEN to the skill metadata (requires.env) or to document its use explicitly, which removes the inconsistency. Overall the skill is coherent, but the undisclosed env-var use is a noteworthy mismatch.
Review Dimensions
- Purpose & Capability (ok): Name/description align with the included scripts (search_github.py, analyze_repo.py, download_repos.py). All required functionality (search, analyze, download) is implemented, and there are no unrelated binaries or unexpected services referenced.
- Instruction Scope (ok): SKILL.md instructions are narrowly scoped to calling the included Python scripts, which use the GitHub API and optionally download repository zip files to ~/Downloads/github-analyzer/. The agent will make network calls to api.github.com and github.com and will write files to the user's Downloads directory; this behavior matches the stated feature set.
- Install Mechanism (ok): No install spec; this is instruction-plus-scripts only. The included Python code uses only the standard library (urllib, json, etc.), so there is no additional install/download step that would pull arbitrary third-party code.
- Credentials (concern): SKILL.md and the scripts optionally use a GITHUB_TOKEN from the environment to increase rate limits, but the skill metadata declares no required environment variables. The runtime code reads GITHUB_TOKEN (and sends an Authorization header even when the value is empty), which is an undeclared credential access and should be declared explicitly. The skill also creates and writes files under ~/Downloads/github-analyzer/, which is consistent with its purpose but is a filesystem write that users should be aware of.
- Persistence & Privilege (ok): The skill is not always-enabled, does not request system-wide configuration changes, and does not modify other skills. It runs on demand and writes only to its own download directory.
