ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Imbue Scope Guard

v1.0.0

Pre-implementation scope control: evaluate feature necessity and enforce branch size limits

0· 32·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (pre-implementation scope control, branch size limits) align with the SKILL.md: it scores features, checks backlog, enforces branch budgets, and documents deferrals via GitHub. Expectation to read repo files and run git checks is coherent. However, the skill's metadata declares no required binaries or credentials while the instructions clearly assume availability of git, gh (GitHub CLI), and python3 (and repository scripts). That mismatch is a design inconsistency to be aware of.
!
Instruction Scope
Instructions direct the agent to run git commands, inspect docs/backlog/queue.md, and create GitHub issues and Discussions (using gh CLI and GraphQL). They also call a local helper: python3 scripts/deferred_capture.py. Those actions are within the skill's purpose, but they will read repo contents and post potentially sensitive decision context to the remote GitHub repo by default (Discussion publishing is the default). The SKILL.md does not bundle the referenced script(s) nor declare the need for gh/gh auth: the agent may attempt operations that fail or (if credentials exist) create posts without clear prompts. The instructions are prescriptive about creating persistent external records (issues/discussions), which raises privacy/operational considerations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files included in the bundle—low install risk. No network downloads or archive extraction are performed by the skill package itself.
!
Credentials
Manifest lists no required environment variables or credentials, yet the runtime instructions assume authenticated GitHub access (gh auth) and write permissions to create issues/discussions, plus local access to git and python. The lack of declared primary credential or required env variables is disproportionate to the operations described. If the agent has access to a GH token or gh CLI authenticated session, the skill can create persistent public artifacts in repos—this capability should be explicitly documented and constrained.
Persistence & Privilege
The skill is not marked always:true, which is appropriate. However, it instructs creating GitHub issues and publishing Discussions by default; because model invocation is allowed (disable-model-invocation: false), an autonomously-invoking agent with GH credentials could post content without explicit user approval. This combination increases blast radius and should be managed (e.g., require manual confirmation before issuing network writes).
What to consider before installing
Before installing or enabling this skill, check the following: 1) Ensure you run it in a repository context where creating GitHub issues/discussions is intended. The skill assumes git, gh (GitHub CLI), and python3 are available and that an authenticated gh session (or GH token) exists—yet none are declared. 2) Confirm the referenced helper script (scripts/deferred_capture.py) exists in your repo; if not, the automation will fail or behave unexpectedly. 3) Review the default behavior to publish Discussions (it's the default action); if you don't want automated public posting, change the workflow to require explicit confirmation or disable Discussion creation. 4) Limit the GitHub token scopes used by the agent (least privilege) and consider using a test/fork repo first to observe behavior. 5) If you plan to allow autonomous agent invocation, restrict or require approval for actions that create remote artifacts (issues/discussions). If these issues are acceptable and you run the skill interactively in a controlled repo with appropriate credentials and scripts present, the skill appears coherent with its purpose; if not, treat with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ery8exwgps71mhxat6mn35584st06

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments