GitHub Star Manager
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for organizing GitHub stars, but it uses your GitHub CLI login to make persistent list and star changes that you should explicitly review.
Install only if you are comfortable letting the agent use your authenticated GitHub CLI session for star and List management. Before running changes, verify the GitHub account, export a backup of stars, inspect every proposed batch, require confirmation before unstarring, and choose whether Lists should be private or public.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user approves the wrong targets, repositories could be added to the wrong Lists or unstarred.
The skill intentionally exposes GitHub API operations that can change the user's account state, including adding repositories to Lists and unstarring. This is purpose-aligned and confirmation is requested, but it is still a sensitive capability.
Supports semantic categorization via LLM and bulk operations (unstar, add-to-list).
Review an itemized list of repositories before any batch operation, keep the exported stars.json as a backup, and test small batches first.
Commands run as the currently authenticated GitHub user and can affect that account's stars and Lists.
The skill operates through the user's existing GitHub CLI authentication and may require the GitHub user scope for Lists operations. This is disclosed and expected for the integration, but it grants delegated account authority.
This skill uses the `gh` CLI's existing auth session... token needs `user` scope — run `gh auth refresh -s user` or use a Classic token
Check `gh auth status` before use, ensure it is the intended GitHub account, and use the least privilege scope needed for the requested operation.
A bad category suggestion or stale-repo filter could affect many starred repositories if approved without careful review.
The intended workflow can apply AI-generated categorization or cleanup decisions across many repositories. The review step mitigates this, but mistakes could propagate through a batch.
Analyze the JSON — suggest categories ... Create Lists and add repos after confirmation ... Batch operations with delays between API calls
Require a detailed preview, limit batch size, and confirm high-impact actions such as unstarring separately from low-impact list additions.
New Lists may be public, which could expose how the user has organized starred repositories.
The example creates GitHub Lists as public by default. This is visible in the command, but the prose does not separately call out the privacy choice.
createUserList(input: {name: $name, description: $desc, isPrivate: false})
Explicitly decide whether each List should be public or private, and change the command to `isPrivate: true` when privacy is desired.
