Skill v3.0.0

ClawScan security

Github Actions Gen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 19, 2026, 12:10 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with its stated purpose (generating and linting GitHub Actions workflows); it runs only a local shell script that reads/writes user-specified files and creates a benign data directory in the user's home directory.
Guidance
This skill appears to do what it says: run the bundled shell script to produce or inspect GitHub Actions YAML. Before installing or executing, review scripts/script.sh yourself (it is included) to ensure you accept running a local shell script. Note the script will create ~/.local/share/github-actions-gen (benign). The script's templates and help text are simplistic and some listed types/languages are not implemented — expect limited functionality. Only run the skill if you trust the BytesAgain source; avoid running it on repositories with sensitive data unless you inspect its behavior first.

Review Dimensions

Purpose & Capability
ok · Name/description match the included script and commands. The SKILL.md maps directly to scripts/script.sh, which implements the create, template, lint, list, optimize, and secrets actions aimed at GitHub Actions YAML generation and checks. The requested capabilities (none) are appropriate for the stated purpose.
Instruction Scope
note · Instructions ask the agent to run the local shell script with user-supplied arguments; the script only reads files given as arguments and uses $HOME to create a data directory. There is no network exfiltration or access to unrelated system credentials. Minor scope mismatch: the SKILL.md/list output mentions a few types/languages (e.g., test, lint, go, release, docker) that the create/template handlers do not actually implement — this is a correctness/usability issue, not a security issue.
Install Mechanism
ok · No install spec and no downloads; the skill is effectively instructions plus one bundled script. This is low risk because nothing is fetched from the network or installed automatically.
Credentials
ok · The skill declares no environment variables or credentials. The bundled script similarly does not read secrets or external credentials. It creates a data directory under ~/.local/share/github-actions-gen but does not write any sensitive tokens. Proportional.
Persistence & Privilege
ok · The always flag is false and the skill does not request privileged or persistent system changes. It creates its own data directory in the user's home, which is normal for user-level tools.