ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autonomous GitHub Team

v1.2.0

Autonomous GitHub Team — 41 AI agents that autonomously monitor a GitHub repository, detect bugs, create fixes, open PRs, and release to production. Triggers...

0· 76·0 current·0 all-time
by@captainsvbot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required binaries (git, bash, curl, python3), and required env vars (GH_TOKEN, TARGET_REPO) are coherent for an autonomous GitHub automation that clones a repo and runs orchestrator scripts. Declared permissions (repo/PR/issues write) match the described functionality.
!
Instruction Scope
SKILL.md explicitly instructs cloning a remote repository and running orchestrator and agent shell scripts (agents/orchestrator.sh). While this is within the stated purpose, it directs execution of third‑party code with a write-capable PAT — a direct data-exfiltration or supply-chain risk. The skill does advise auditing agent scripts and running in a fork, but the runtime instructions inherently grant broad discretion to those remote scripts.
Install Mechanism
There is no packaged install; the skill is instruction-only and instructs git-cloning https://github.com/captainsvbot/AutonomousGitHubTeam.git pinned to tag v1.0.0. Cloning from GitHub and pinning a tag is better than downloading from an arbitrary server, but it still results in executing remote code on the host — a significant risk.
Credentials
Requested environment variables (GH_TOKEN and TARGET_REPO) are necessary for repository operations the skill performs. The GH_TOKEN requires write scopes, which are proportionate to creating fixes, PRs, and releases, but this is high privilege — the skill itself and its instructions repeatedly warn to use a least-privilege, repo-scoped token.
Persistence & Privilege
The skill does not request always:true or any system config paths and is user-invocable; however, because the agent can run autonomously (platform default) and the skill uses a write-capable PAT, an autonomous run could perform actions in the target repo without manual intervention. The SKILL.md recommends human review before merging, but you should confirm any automated merge/rollback behaviors in the repo code before enabling autonomous runs.
Assessment
This skill is internally consistent with its goal but is high-risk: it clones and executes third-party scripts and needs a write-capable GitHub token. Before installing, do all of the following: (1) Inspect the pinned v1.0.0 tag contents (especially agents/*.sh) and confirm what network calls and token usage occur; (2) Create a fine‑grained PAT scoped only to a single test repository (avoid org- or account-wide scopes) and prefer short expiration; (3) Test in an isolated fork or disposable repository first, with branch protection on main; (4) Run with a read-only or minimally scoped token initially to observe proposed changes without allowing writes; (5) Ensure human approval gates exist before any merge to main; (6) Monitor activity and rotate the token after testing. Because this package is instruction-only (no embedded code in the registry), you cannot rely on the registry scan — manual code review of the cloned repository is essential. If you cannot audit the code yourself, treat the skill as unsafe for production repositories.

Like a lobster shell, security has layers — review code before you run it.

latestvk975hfsgss4vwm2cvhdye2ybz183a48j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binsgit, bash, curl, python3
EnvGH_TOKEN, TARGET_REPO

Comments