Clone master

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a straightforward GitHub cloning guide; its Git commands and credential guidance are expected, but users should approve local changes and protect GitHub credentials.

Use this skill when you want an agent to help with GitHub cloning or syncing. Before running commands, verify the repository URL and destination path, avoid pasting tokens or private keys into the chat, and be cautious with global Git configuration changes.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent could change files in a local checkout or adjust Git settings if the user asks it to follow these instructions.

Why it was flagged

The skill directs the agent to run Git commands that can create or modify local repository files and optionally change global Git configuration. This is aligned with a cloning/sync skill, but the target repository, directory, branch, and global settings should be user-approved.

Skill content

Use `git clone <repository_url>` ... run `git pull origin <branch_name>` ... configuring a global proxy is recommended (`git config --global http.proxy ...`)

Recommendation

Confirm the repository URL, destination folder, branch, and any global Git configuration changes before allowing the agent to run commands.

ASI03: Identity and Privilege Abuse
Low
What this means

Mishandling a PAT or SSH key could expose access to private GitHub repositories.

Why it was flagged

The skill includes GitHub authentication guidance using SSH keys or PATs. This is expected for private repository cloning, but it involves account credentials and should be scoped carefully.

Skill content

Guides generating an SSH key (`ssh-keygen`) and adding it to the GitHub account ... use a Personal Access Token (PAT) instead of a password

Recommendation

Use the least-privileged PAT needed, keep private keys and tokens out of chat logs, and only copy public SSH keys to GitHub.