OpenClaw GitHub Assistant
Verdict: Pass. Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is generally well-behaved: it provides GitHub integration capabilities and includes responsible security warnings in its documentation (SKILL.md, README.md). It correctly reads GitHub tokens from environment variables or the OpenClaw config and communicates only with api.github.com. However, the `create_issue` action in `index.js` defines an `extra` parameter of type `object` without any further schema validation, and this `extra` object is spread directly into the JSON body of the GitHub API request in `api.js`. A sophisticated prompt injection attack against the AI agent could therefore place arbitrary fields in the GitHub issue creation request, potentially leading to unintended actions (e.g., adding assignees or labels the user did not explicitly request) if the token has the necessary scopes. This is a vulnerability, not evidence of intentional malice by the skill developer.
