Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw GitHub Assistant

v2.0.1

Query and manage GitHub repositories - list repos, check CI status, create issues, search repos, and view recent activity.

8 · 14.8k · 150 current · 159 all-time
MIT-0
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name, description, SKILL.md, and code (api.js / index.js) all implement GitHub operations (list repos, CI status, issues, PRs, create repo, search, commits). The required env vars and config keys (GITHUB_TOKEN, GITHUB_USERNAME, github.token, github.username) are used directly by the code to authenticate to api.github.com. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits runtime actions to setting credentials, restarting the gateway, and using the skill to call GitHub APIs. The instructions do not direct the agent to read unrelated files, exfiltrate data to third-party endpoints, or perform system-wide discovery. The README and SKILL.md warn about protecting the PAT.
Install Mechanism
No install spec downloads arbitrary code from external URLs; the package is instruction/code-only and contains standard JS files. No brew/npm/go installs are requested. The included code will run within the OpenClaw environment without additional installers.
Credentials
The skill requests only GITHUB_TOKEN and GITHUB_USERNAME (and the matching config keys), which is proportionate to GitHub operations. Note: the recommended 'repo' scope grants wide access (create/delete repos, modify code/PRs/issues). This scope is consistent with the declared capabilities (create_repo, create_issue, create_pull_request), but users should prefer least-privilege scopes (e.g., public_repo for public-only usage) or a token limited to the actions they actually need.
Persistence & Privilege
The skill's always flag is false and the skill is user-invocable; it does not request permanent platform-wide privileges or modify other skills. Autonomous invocation is the platform default and is not combined with other red flags here.
Assessment
This skill appears to do exactly what it says: interact with GitHub using your Personal Access Token and username. Before installing:
1) Review and, if possible, run the included code locally to confirm its behavior.
2) Create a token with the minimal scopes you need (avoid full 'repo' if you only need read access).
3) Prefer storing secrets in your platform's secret manager rather than in long-lived shell variables on shared machines.
4) Rotate the token if you ever suspect compromise.
5) Note that a token with 'repo' scope enables destructive actions (create/delete/modify repos and issues), so only install this skill if you trust the code and the environment it runs in.

Like a lobster shell, security has layers — review code before you run it.


License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

🐙 Clawdis
Env: GITHUB_TOKEN, GITHUB_USERNAME
Config: github.token, github.username
