GitHub Star Manager
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: github-star-manager-skill
Version: 0.1.2
The OpenClaw skill 'github-star-manager' is classified as benign. All operations described in SKILL.md, such as exporting GitHub stars, managing lists, and unstarring repositories, are directly aligned with its stated purpose. The skill exclusively uses the official GitHub CLI (`gh`) and `jq` for data processing, writing only public GitHub data to a local file (`stars.json`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to mislead the AI agent into performing unauthorized actions. While the skill notes that 'user' scope on a GitHub Classic token is required for list operations (a broader permission), this is explicitly stated as necessary for functionality and relies on the user's existing `gh` authentication session, not a new token request or storage.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user approves the wrong targets, repositories could be added to the wrong Lists or unstarred.
The skill intentionally exposes GitHub API operations that can change the user's account state, including adding repositories to Lists and unstarring. This is purpose-aligned and confirmation is requested, but it is still a sensitive capability.
Supports semantic categorization via LLM and bulk operations (unstar, add-to-list).
Review an itemized list of repositories before any batch operation, keep the exported stars.json as a backup, and test small batches first.
Commands run as the currently authenticated GitHub user and can affect that account's stars and Lists.
The skill operates through the user's existing GitHub CLI authentication and may require the GitHub user scope for Lists operations. This is disclosed and expected for the integration, but it grants delegated account authority.
This skill uses the `gh` CLI's existing auth session... token needs `user` scope — run `gh auth refresh -s user` or use a Classic token
Check `gh auth status` before use, ensure it is the intended GitHub account, and use the least privilege scope needed for the requested operation.
A bad category suggestion or stale-repo filter could affect many starred repositories if approved without careful review.
The intended workflow can apply AI-generated categorization or cleanup decisions across many repositories. The review step mitigates this, but mistakes could propagate through a batch.
Analyze the JSON — suggest categories ... Create Lists and add repos after confirmation ... Batch operations with delays between API calls
Require a detailed preview, limit batch size, and confirm high-impact actions such as unstarring separately from low-impact list additions.
New Lists may be public, which could expose how the user has organized starred repositories.
The example creates GitHub Lists as public by default. This is visible in the command, but the prose does not separately call out the privacy choice.
createUserList(input: {name: $name, description: $desc, isPrivate: false})
Explicitly decide whether each List should be public or private, and change the command to `isPrivate: true` when privacy is desired.
