GitHub Token
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is aligned with GitHub workflows, but it handles a powerful GitHub token in risky ways (stored persistently in agent context and embedded in URLs) and can push all local changes without a safety check.
Review before installing. If you use it, create a fine-grained GitHub PAT limited to only the needed repositories, avoid full `repo` scope when possible, do not store the token in TOOLS.md or pass it in URLs, inspect `git status` before any push, and rotate the token if it may have been exposed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: If the PAT leaks, anyone with it may be able to read or modify GitHub repositories according to the token scopes.
Description: The helper embeds the user's PAT directly into a Git HTTPS URL and passes it as a command argument; clone URLs can be persisted in git remote configuration, and command arguments or error output may expose the token.
Evidence:
```python
url = f"https://{token}@github.com/{repo}.git"
...
subprocess.run(["git", "clone", url, dest], capture_output=True, text=True)
```
Recommendation: Do not embed PATs in URLs. Use a Git credential helper, an askpass flow, or a securely scoped environment secret; redact git errors; and clearly declare the credential and the scopes it requires.
Risk: The token could be reused across later tasks or accidentally exposed if TOOLS.md is shared, copied, indexed, or committed.
Description: TOOLS.md is persistent agent-readable context; storing a GitHub PAT there creates long-lived secret exposure without retention, deletion, file-permission, or reuse boundaries.
Evidence: "Agent stores token in TOOLS.md under `### GitHub` section. Never expose in logs or messages."
Recommendation: Avoid storing PATs in TOOLS.md. Prefer a secret manager or a per-session environment variable, and document how to remove or rotate the token.
Risk: Unintended files, unrelated edits, or secrets in the working tree could be committed and pushed to GitHub.
Description: The push command automatically stages every local change, commits, and pushes without showing a status/diff or requiring explicit confirmation for the exact files.
Evidence:
```python
subprocess.run(["git", "add", "-A"])
...
subprocess.run(["git", "commit", "-m", message] ...
["git", "push", "-u", auth_url, branch])
```
Recommendation: Show `git status`/diff first, require explicit user confirmation, and let users choose specific paths instead of always running `git add -A`.
Risk: Users have less registry-level information to verify where the helper came from and whether required tools are available.
Description: The package includes a Python GitHub helper and documents python3/git command use, but provenance and runtime dependency metadata are incomplete.
Evidence: Source: unknown; Homepage: none; Required binaries (all must exist): none
Recommendation: Declare the project source/homepage and required binaries, especially git and python3, so users can verify provenance and prerequisites.
