GitHub Token

v1.0.0

Interact with GitHub using Personal Access Tokens. Secure, user-controlled access - no OAuth, no full account access. Clone, push, branch, PR, issues. Use when user wants to work with GitHub repos.

By Danny Shmueli (@dannyshmueli). Duplicate of @dannyshmueli/github-token (1.0.0); canonical: @dannyshmueli/github-pat.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the included code: the Python CLI uses a GitHub PAT to call the API and run git operations (clone, push, PRs, issues). However, the registry metadata claims no required binaries while the script relies heavily on the git binary via subprocess calls; that is an inconsistency, and the skill should declare 'git' as a required binary. Otherwise, the requested capabilities align with the stated purpose.
Instruction Scope (!)
SKILL.md tells the agent to accept a PAT and to 'Store in TOOLS.md or pass via --token'. Storing tokens in a plain-text TOOLS.md or passing them on the command line are insecure practices. The included script embeds PATs into HTTPS URLs for clone/push, which can cause tokens to be written into .git/config or otherwise persist on disk. The instructions ask the agent to handle tokens but give unsafe storage guidance and do not warn about process-list exposure when --token is used on the CLI. SKILL.md's 'Never expose in logs' guidance is good but insufficient; the code's use of subprocess and URL-embedded tokens can still lead to accidental exposure.
Install Mechanism
This is instruction-only with one script file; there is no install spec or remote downloads. That minimizes supply-chain risk — nothing is fetched from arbitrary URLs at install time.
Credentials (!)
The skill declares no required env vars, and the code reads GITHUB_TOKEN from the environment (DEFAULT_TOKEN). That is reasonable. However, SKILL.md's explicit instruction to save the token in TOOLS.md is disproportionate and insecure. The runtime behavior (embedding the token into HTTPS URLs or accepting it as a CLI argument) also increases the chance of exposure, since the token may be saved in .git/config or be visible in process lists. No unrelated credentials are requested, so the scope of credentials is narrow, but the handling choices are risky.
Persistence & Privilege
The 'always' flag is false and the skill doesn't request persistent platform privileges. It does, however, encourage storing the token in a file the agent controls (TOOLS.md), which amounts to persisting a secret under the agent's files; the skill itself does not change other skills or system-wide settings.
What to consider before installing
This skill appears to implement the described GitHub PAT operations, but take these precautions before installing or using it:
(1) Do not paste your PAT into chat; prefer setting GITHUB_TOKEN in a secure environment (not a shared TOOLS.md).
(2) Avoid passing the PAT via --token on the command line; it can appear in process lists.
(3) Review, and consider modifying, scripts/gh.py so that it does not embed tokens into HTTPS remote URLs; an embedded token can be written into .git/config and persist on disk. Use a git credential helper, the GitHub CLI (gh), or the OAuth device flow instead where possible.
(4) Update the skill metadata to declare that 'git' is required; the missing declaration is an incoherence.
(5) Inspect .git/config and your working directories after use to ensure no credentials were saved.
If you don't accept these risks, do not install or run the skill; if you proceed, review and harden the token-handling code (e.g., send the token only in an HTTP Authorization header for API calls, use git credential helpers, and avoid storing tokens in plain text).


Latest version: vk9703n0htrk4ss4fn8kf1d4ysd801dhw

