Skill v1.0.0
ClawScan security
Github Actions Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 12:48 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The instructions match the stated purpose but the skill omits required dependencies and credentials (gh CLI / GitHub auth) and therefore the metadata is incomplete — proceed only after confirming how it will be authorized and where it will run.
- Guidance
- This skill is plausible for optimizing workflows, but its metadata is incomplete. Before installing or running it:
  1. Confirm the execution context: it must run in a checked-out repository root so that .github/workflows and gh commands work.
  2. Verify which GitHub credentials will be used (the skill needs read access to Actions run history and repository contents). Provide a least-privilege token (read-only Actions and repo contents) rather than a full admin token, or run it locally with your own gh-authenticated environment.
  3. Ensure the gh CLI and Python3 exist on the agent host, or expect failures.
  4. Inspect any outputs the skill produces before sending them off-agent (SKILL.md has no external network endpoints, but the agent could still leak data in outputs).
  If you cannot confirm auth/host details, treat this skill with caution or run it in an isolated/forked repository first.
Review Dimensions
- Purpose & Capability
- concern: The skill intends to analyze workflow files and run history, which legitimately requires the gh CLI (or direct GitHub API usage), Python for the provided snippet, and authenticated access to the repository and Actions data. The registry metadata declares no required binaries or credentials, which is inconsistent with the SKILL.md instructions.
- Instruction Scope
- concern: SKILL.md contains explicit shell commands that read the repo (.github/workflows) and call `gh run list` to fetch run history; this requires running in a repository checkout with authenticated access to GitHub Actions data. The instructions do not reference unrelated system files, but they also do not document auth or execution-context requirements (where the agent should run, which user/token will be used).
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files. That minimizes on-disk risk: nothing is downloaded or written by an install step.
- Credentials
- concern: `requires.env` lists none, but the runtime commands need GitHub credentials (GITHUB_TOKEN or a gh-authenticated user) and the gh CLI on PATH. The skill also assumes Python3 is available. Not declaring these is a mismatch and could lead to unexpected auth prompts, or to privilege misuse if the agent silently reuses an existing, broader token.
- Persistence & Privilege
- ok: `always` is false and there is no install-time persistence. The skill does not request permanent presence or modify other skills' configs.
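The guidance steps above and the Credentials dimension amount to a preflight check an operator can run before handing this skill to an agent. The script below is an added example, not part of the ClawHub scan or of the Github Actions Optimizer skill itself; the function names, the use of `gh run list` as the read-access probe, and the classic-token scope check via the X-OAuth-Scopes response header are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the scan or the skill): preflight checks before an agent
# runs the skill's commands. Covers the scanner's guidance: (1) repository root with
# workflow files, (3) gh and python3 on PATH, (2) a GitHub identity that can read
# Actions run history and does not carry admin-level classic-token scopes.
# run_preflight returns 0 if every check passed, 1 otherwise.

# (1) Execution context: DIR must hold at least one workflow file.
has_workflows_dir() {
    wf_dir="${1:-.}"
    for f in "$wf_dir"/.github/workflows/*.yml "$wf_dir"/.github/workflows/*.yaml; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# (3) Host dependencies: is NAME an executable on PATH?
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# (2a) Can the current gh identity read Actions run history? Must be called from
#      inside the checkout; needs gh on PATH and an authenticated session.
can_read_runs() {
    gh run list --limit 1 --json databaseId >/dev/null 2>&1
}

# (2b) Classic tokens: GitHub echoes the token's scopes in the X-OAuth-Scopes
#      header. Assumption: the skill only needs read access, so admin or delete
#      scopes mean the token is broader than necessary. Fine-grained tokens report
#      no scopes here, so an empty result is treated as acceptable.
token_scopes_ok() {
    scopes=$(gh api -i /user 2>/dev/null | tr -d '\r' \
             | grep -i '^x-oauth-scopes:' | cut -d: -f2- || true)
    case "$scopes" in
        *admin:*|*delete_repo*|*write:org*) return 1 ;;
    esac
    return 0
}

run_preflight() {
    repo="${1:-.}"
    failed=0
    if has_workflows_dir "$repo"; then
        echo "ok   workflow files found under $repo/.github/workflows"
    else
        echo "FAIL no workflow files under $repo/.github/workflows (run from the repo root)"
        failed=1
    fi
    for tool in gh python3; do
        if have_cmd "$tool"; then
            echo "ok   $tool on PATH"
        else
            echo "FAIL $tool not on PATH"
            failed=1
        fi
    done
    if have_cmd gh; then
        if (cd "$repo" && can_read_runs); then
            echo "ok   gh identity can read Actions run history"
        else
            echo "FAIL gh not authenticated or cannot read runs (check: gh auth status)"
            failed=1
        fi
        if token_scopes_ok; then
            echo "ok   no admin-level classic token scopes detected"
        else
            echo "FAIL token carries admin-level scopes; use a narrower token"
            failed=1
        fi
    fi
    return $failed
}

# Run only when a directory is given on the command line, e.g.: sh preflight.sh .
if [ -n "${1:-}" ]; then
    run_preflight "$1" || exit 1
fi
```

A non-zero exit from `run_preflight` is the signal to stop and fix the environment (or fall back to an isolated fork) rather than let the agent discover the gaps mid-run with whatever token happens to be in scope.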
