Skill v1.1.0
ClawScan security
Peter Ci Gate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 6:55 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Instruction-only GitHub CI gate that is coherent with its stated purpose, but it does not declare the GitHub CLI and the GitHub authentication the agent needs to actually run the described commands.
- Guidance: This skill is coherent with its stated purpose of judging whether a PR's CI is mergeable. Before installing or enabling it, ensure the agent environment has the GitHub CLI (gh) on PATH and a GitHub credential configured with the minimal scopes needed (read checks, list runs, rerun workflow). Confirm who controls that credential and whether you're comfortable letting the agent execute a single 'gh run rerun' (it consumes CI minutes and triggers actions in your repos). If you want more safety, require explicit human confirmation before performing reruns, or limit the credential to read-only scopes and perform reruns manually.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (PR CI gating) matches the runtime instructions (gh pr view, gh pr checks, gh run list/view/rerun). However the SKILL.md assumes availability of the GitHub CLI (gh) and an authenticated GitHub session; the skill metadata declares no required binaries or credentials. Declaring gh and the expected auth would be proportionate and clearer.
- Instruction Scope (ok): Instructions are narrowly scoped to inspecting PR/checks and optionally rerunning a failed workflow once. They do not ask the agent to read unrelated files, exfiltrate data, or contact external endpoints beyond GitHub (via gh). The rerun action is explicitly single-run and the doc includes guardrails (do not treat a rerun as a root-cause fix).
- Install Mechanism (ok): No install steps or code are provided (instruction-only), so nothing is written to disk or fetched during install. This minimizes install risk.
- Credentials (note): No environment variables or credentials are declared, but the gh commands require GitHub authentication (gh auth or a configured token). The skill should state that the agent needs a GitHub-authenticated gh on PATH and clarify the required token scopes (read checks, rerun workflows). Without that disclosure, users may unknowingly grant the agent broad GitHub access.
- Persistence & Privilege (ok): The always flag is false and the skill is user-invocable; it does not request persistent system presence or modification of other skills. Autonomous invocation is allowed by platform default but is not an additional privilege requested by the skill itself.
