Skill v0.0.1

ClawScan security

Github Stars Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 8, 2026, 10:21 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (fetch starred repos and produce a Markdown report); nothing requests unrelated credentials or installs arbitrary third-party code, but you should still review and run the included Python script locally before executing it.
Guidance
This skill appears coherent and implements what it claims: it uses the GitHub API to fetch starred repos and renders a Markdown report. Before running: (1) review fetch_stars.py yourself to confirm there are no unexpected network calls or data sinks (the script as provided calls only api.github.com and writes a local Markdown file), (2) run it locally or in a sandboxed environment (it executes arbitrary Python code included in the skill), (3) install its dependency if needed (pip install requests), and (4) only supply a GitHub PAT if you understand it increases rate limits — the skill correctly states a token with no scopes is sufficient. Since the skill source and homepage are unknown, exercise the usual caution and inspect the code before execution.

Review Dimensions

Purpose & Capability
ok: The name/description promise (fetch a GitHub user's starred repositories and generate a Chinese-language Markdown report) aligns with the provided Python script and template. The files and instructions only reference GitHub API calls and local file output; there are no extra services, credentials, or binaries requested that would be disproportionate.
Instruction Scope
note: SKILL.md instructs copying and running the included fetch_stars.py and then presenting the generated file. The runtime actions are limited to calling api.github.com, rendering a Markdown file, and copying files under the user's filesystem. Note: the skill explicitly requires network access to GitHub (and suggests running locally because the agent host may not have outbound Internet). Also: the SKILL.md forbids using web_fetch/browser artifact and demands bash_tool execution — reasonable but gives the agent permission to execute shell commands. You should be aware executing the included script runs arbitrary Python code from this skill on your machine.
Install Mechanism
ok: There is no install spec (instruction-only with a bundled script). No remote downloads or extraction are performed by the skill itself. The only dependency is the common 'requests' library; the script prints a helpful message if requests is missing. Minor usability note: SKILL.md does not explicitly include a 'pip install requests' step, although the script's header mentions it.
Credentials
ok: The skill requests no environment variables or stored credentials. It supports an optional GitHub Personal Access Token passed as a CLI argument to increase rate limits; this is proportionate and the SKILL.md recommends creating a token with no scopes. No unrelated secrets or config paths are requested.
Persistence & Privilege
ok: The skill is not always-enabled and does not request any persistent privileges or attempt to modify other skills or global agent settings. It runs on demand and only instructs the agent to copy and run a local script and to present the generated file.