Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
DevOps Bridge
v1.0.0Unified developer operations bridge connecting GitHub, CI/CD (GitHub Actions), Slack, Discord, and issue trackers (Linear, Jira, GitHub Issues) into cross-to...
⭐ 0· 765·7 current·7 all-time
byArik Tulchinsky@ariktulcha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to connect GitHub, CI, Slack/Discord, Linear, Jira, etc., which legitimately requires network access and service credentials. However, the registry metadata declares no required environment variables, no primary credential, and no required binaries, while SKILL.md explicitly lists 'gh' CLI and messaging/issue-tracker credentials as required. This mismatch is disproportionate and incoherent: a bridge like this should declare the specific credentials and tools it needs.
Instruction Scope
SKILL.md instructs the agent to scan repos (including 'all repos I have push access to'), fetch CI logs, link PRs to issues, post messages to Slack/Discord, and interactively gather configuration. Those actions require access to account-level data and service tokens. The instructions also say to store configuration in workspace memory and propose cron jobs. The runtime instructions therefore go beyond a simple read-only helper and could access or persist sensitive tokens or repo data — but the skill does not declare or constrain that access. A unicode-control-chars prompt-injection pattern was also detected inside SKILL.md, which suggests the file attempted to embed tricky characters; that is suspicious in an instructions-only document.
Install Mechanism
There is no install spec and no code files (instruction-only), which reduces file-execution risk. However, SKILL.md depends on external CLIs (gh, optional Linear CLI) and APIs; the skill does not provide an installer or declare these binaries in registry metadata. The lack of an install step is low-risk by itself but the mismatch between declared requirements and the documented 'Required Tools' is a coherence issue.
Credentials
The skill will need multiple service credentials (GitHub token, Slack/Discord bot token or webhook, Linear/Jira API tokens) to implement its features, but requires.env is empty and no primary credential is declared. That absence is disproportionate and makes it unclear how credentials will be supplied or stored. The instructions' expectation that the agent can access 'all repos I have push access to' implies broad GitHub permissions; the user should not paste or expose long-lived tokens into chat unless they understand where and how they are stored.
Persistence & Privilege
always:false (normal). SKILL.md instructs storing configuration in workspace memory and scheduling cron prompts; persisting mappings (e.g., GitHub→Slack handles), schedules, and possibly tokens is expected for functionality. The document does not specify retention, encryption, or scope of persisted data — the user should confirm where workspace memory is stored and whether tokens/configuration persist after uninstalling. Autonomous invocation is allowed by default; this increases blast radius only if credentials are provided.
Scan Findings in Context
[unicode-control-chars] unexpected: Prompt-injection style unicode control characters were detected in SKILL.md. That is not expected for ordinary documentation and could be an attempt to manipulate prompt evaluation; it warrants review of the raw SKILL.md to see where those characters occur and why.
What to consider before installing
This skill's described functionality legitimately needs GitHub, messaging, and issue-tracker credentials and CLIs, but the registry entry declares none — that's the main red flag. Before installing or using it, ask the publisher for: (1) an explicit list of required credentials and the expected auth flows (prefer OAuth or temporary tokens, not pasting secrets into chat); (2) where configuration and any tokens will be stored, how long they persist, and whether they're encrypted; (3) evidence of the skill's source code or a homepage (there is none listed); and (4) clarification about the unicode-control characters found in SKILL.md. If the skill asks you to paste long-lived tokens into the chat or to grant broad repo access without a clear OAuth flow and a trustworthy source, do not proceed. If you still want to test it, do so with a throwaway account or a small test repo and limited-scope tokens (least privilege) and review all messages the skill posts before granting it wider access.Like a lobster shell, security has layers — review code before you run it.
latestvk97fkm09saabw4f1d60qrr88tn817krx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔧 Clawdis