ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Minister Github Initiative Pulse

v1.0.0

Generate markdown digests and CSV exports for GitHub issues, PRs, and initiative health tracking

0· 42·1 current·1 all-time
by@athola
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to generate markdown/CSV exports for GitHub issues and initiatives, which matches the included templates and digest logic. However, the instructions repeatedly reference running tracker.py and consuming ProjectTracker.get_status_report() JSON even though no code, install steps, or required binaries are declared. That mismatch means the skill as shipped depends on external tooling not documented in the skill metadata.
!
Instruction Scope
SKILL.md tells the agent/operator to run tracker.py commands and to 'sync from GitHub' and pull tracker JSON. Those runtime steps implicitly require access to a tracker.py implementation and to GitHub project data. The instructions do not request or record where tracker.py lives, how it should be installed, or how GitHub credentials are provided — granting the agent broad discretion to access local tools/configuration or rely on user-provided credentials outside the skill manifest.
Install Mechanism
There is no install spec and no code files — lowest-risk delivery. But because runtime steps expect tracker.py and ProjectTracker data, a missing install spec increases the chance users will run or obtain third-party code themselves to satisfy the instructions.
!
Credentials
The skill declares no required environment variables or credentials, yet its described GitHub sync and auto-labeling behavior imply the need for GitHub API credentials and possibly access tokens. That omission is disproportionate: a GitHub-integrating tool should document required tokens or explicitly state it only formats already-obtained data.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills. It does not request autonomous elevation beyond normal agent invocation.
What to consider before installing
This skill is primarily a set of templates and instructions, not an executable package. Before installing or invoking it: 1) Confirm where tracker.py / ProjectTracker come from — inspect that code and only run it from a trusted source. 2) Understand how GitHub access is provided: do not hand over a high‑privilege token blindly; prefer a least-privilege or read-only token and verify the token scope. 3) If you expect the skill to run automated syncs, ask the author for an install spec or include the required binaries and explicit environment variables. 4) If you must run unknown tracker code, do so in an isolated environment and review its network and file access to ensure it doesn't exfiltrate data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
latestvk9716z12db6pp19tvsnj3856wh84vars
42downloads
0stars
1versions
Updated 6d ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/minister. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

GitHub Initiative Pulse

Overview

Turns tracker data and GitHub board metadata into initiative-level summaries. Provides markdown helpers and CSV exports for pasting into issues, PRs, or Discussions.

Ritual

  1. Capture work via tracker.py add or sync from GitHub Projects.
  2. Review blockers/highlights using the Blocker Radar table.
  3. Generate GitHub comment via tracker.py status --github-comment or module snippets.
  4. Cross-link the weekly Status Template and share with stakeholders.

Key Metrics

MetricDescription
Completion %Done tasks / total tasks per initiative.
Avg Task %Mean completion percent for all in-flight tasks.
Burn RateHours burned per week (auto-calculated).
Risk HotlistTasks flagged priority=High or due date in past.

GitHub Integrations

  • Links every task to an issue/PR URL.
  • Supports auto-labeling by referencing phase in the tracker record.
  • Encourages posting digests to coordination issues or PR timelines.

Exit Criteria

  • All initiatives represented with updated metrics.
  • Markdown digest pasted into relevant GitHub thread.
  • Risk follow-ups filed as issues with owners + due dates.

Troubleshooting

Common Issues

If metrics appear outdated, ensure tracker.py has successfully synced with GitHub. If the Markdown digest renders incorrectly in GitHub, check for unescaped characters in task titles or missing newlines between table rows.

Comments

Loading comments...