ClawHub

Clone master

v1.0.0

Guide agents to clone GitHub repositories using git clone with SSH or HTTPS authentication, handle branches, submodules, shallow clones, and keep repos updat...

0· 99·1 current·1 all-time
bywow@duanc-chao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description promise guidance for cloning and syncing GitHub repos; the SKILL.md only contains git-related instructions (clone options, auth setup, submodules, sync, troubleshooting). No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
Runtime instructions are limited to Git operations and related local diagnostics (e.g., checking git version, showing ~/.ssh/id_rsa.pub). Accessing the user's public SSH key or guiding them to generate a key is appropriate and necessary for SSH auth. There are no instructions to read unrelated files or to transmit data to unexpected endpoints.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only, so nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables or credentials. Suggested items (SSH keys, PATs, gh CLI) are relevant to GitHub auth and are presented as user-driven actions rather than implicit requirements.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. It does recommend running local git commands that will create/update files (normal for its purpose); autonomous invocation is allowed by platform default but not unusually privileged by the skill itself.
Assessment
This is a straightforward, instruction-only guide for cloning and syncing GitHub repos. It does not request secrets or install software automatically, but it will instruct an agent (or you) to run git/ssh commands that read or write files (e.g., cloning into a directory, reading ~/.ssh/id_rsa.pub). Before following commands: (1) confirm any commands the agent proposes, especially those that delete or overwrite directories; (2) never paste or expose private keys or raw tokens—only add public keys to GitHub; (3) be aware that optional recommendations (installing gh, configuring proxies) require you to install/configure additional tools; and (4) if you allow autonomous agent actions, ensure you trust the agent to run filesystem-changing git commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk971d566txgkwy8nmevxq1q73h83778p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments