Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GitHub Operations
v1.0.0 · Provides a complete solution for GitHub operations, including repository management, branch management, PR and Issue management, security best practices, open-source project conventions and IM channel integration. Invoke it when the user needs to operate a GitHub repository, create an open-source project or integrate an IM channel.
by AI花生 (@edwardwason)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description describe GitHub repo/PR/issue management plus IM integrations. The code implements GitHub operations (via PyGithub) and IM webhook/API callers (Feishu, WeCom, iLink, Slack), which is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs installing PyGithub/python-dotenv/requests, creating a .env with GitHub and IM tokens, and running the provided CLI. The runtime instructions and included scripts focus on GitHub and IM actions; they do not read unrelated system files or reach unexpected external endpoints beyond the documented IM providers and GitHub API.
Install Mechanism
No install spec is provided (instruction-only), and dependencies are declared in requirements.txt (PyPI packages). There are no downloads from arbitrary URLs or archive extraction steps in the package metadata — dependency installation is proportional to the functionality.
Credentials
The code and SKILL.md require a GITHUB_TOKEN and various IM tokens, which are appropriate for the feature set. However, top-level skill metadata in the provided registry excerpt lists "Required env vars: none" and "Primary credential: none", which conflicts with the script and SKILL.md that both require GITHUB_TOKEN and optional IM credentials. Verify the registry metadata before installing. Also ensure tokens use least privilege (e.g., repo-scoped token, not full account access).
Persistence & Privilege
The always flag is false and the skill is user-invocable; it does not request persistent platform-wide privileges or attempt to modify other skills. Note: autonomous model invocation (disable-model-invocation=false) is the platform default; combined with networked credentials this increases the operational blast radius, so be deliberate about which tokens are provided and which agent instances are granted this skill.
Assessment
This skill appears to do what it says: GitHub management plus optional IM notifications. Before installing:
1) Confirm the registry metadata mismatch: the script requires GITHUB_TOKEN even though the registry listed none.
2) Only provide a GitHub token with the minimal scopes needed (prefer a repo-scoped machine/service account instead of a personal token).
3) Review and only supply IM webhook/API tokens for channels you trust; the skill will post messages to configured endpoints.
4) Run the code in an isolated environment or test account first, and inspect the scripts (scripts/main.py) yourself to ensure there are no hidden network endpoints or behaviors you don't accept.
5) For destructive actions (delete repo), the code requires explicit confirmation; still test carefully and avoid giving high-privilege tokens to untrusted agents.
Like a lobster shell, security has layers: review code before you run it.
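The two checks the report asks for before installing (item 1, reconciling the env vars the scripts really read against a registry that claims none, and item 4, looking for network endpoints beyond the documented GitHub and IM providers) can be done offline with a static pass over the skill's Python sources. The following is an added example written for this page; it is not the skill's own code nor the ClawHub scanner. The sample script it audits is constructed to stand in for scripts/main.py, and the allowlist of hosts (api.github.com for PyGithub, open.feishu.cn, qyapi.weixin.qq.com, hooks.slack.com for the IM providers) is an assumption; the iLink host is not named on the page, so it is left out and would show up as unexpected until you add it.

```python
"""Static pre-install audit of a skill's Python sources.

Added example, not part of the skill or the ClawHub scanner. It answers two
review questions offline: which environment variables the scripts actually
read (to reconcile against registry metadata claiming none) and which network
hosts they contact (to catch endpoints outside the documented GitHub and IM
providers). Requires Python 3.9+ (ast.Subscript.slice is the key expression).
"""
import ast
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>]+")
REQUEST_VERBS = {"get", "post", "put", "patch", "delete", "request"}


def env_vars_read(source):
    """Names read via os.getenv("X"), os.environ.get("X") or os.environ["X"]."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            func = node.func
            is_getenv = func.attr == "getenv"
            is_environ_get = (func.attr == "get"
                              and isinstance(func.value, ast.Attribute)
                              and func.value.attr == "environ")
            if (is_getenv or is_environ_get) and node.args:
                key = node.args[0]
                if isinstance(key, ast.Constant) and isinstance(key.value, str):
                    names.add(key.value)
        elif (isinstance(node, ast.Subscript)
              and isinstance(node.value, ast.Attribute)
              and node.value.attr == "environ"):
            key = node.slice
            if isinstance(key, ast.Constant) and isinstance(key.value, str):
                names.add(key.value)
    return names


def hosts_contacted(source):
    """Hostnames of every http(s) URL found in a string literal (including the
    literal parts of f-strings, which the AST stores as Constant nodes)."""
    hosts = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                host = urlparse(url).hostname
                if host:
                    hosts.add(host.lower())
    return hosts


def dynamic_request_sites(source):
    """Line numbers of requests.<verb>(url, ...) calls whose url is not a string
    literal: destinations a static scan cannot resolve, so the reviewer has to
    trace where the value comes from (env var, config file, argument)."""
    lines = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "requests"
                and node.func.attr in REQUEST_VERBS
                and node.args
                and not isinstance(node.args[0], ast.Constant)):
            lines.append(node.lineno)
    return sorted(lines)


def audit(sources, registry_required_env, allowed_hosts):
    """sources: {filename: python source}. Returns what the scripts read and
    contact, plus the deltas against the registry claim and the host allowlist."""
    env, hosts, dynamic = set(), set(), {}
    for name, src in sources.items():
        env |= env_vars_read(src)
        hosts |= hosts_contacted(src)
        lines = dynamic_request_sites(src)
        if lines:
            dynamic[name] = lines
    return {
        "env_vars_read": env,
        "undeclared_env_vars": env - set(registry_required_env),
        "hosts": hosts,
        "unexpected_hosts": hosts - set(allowed_hosts),
        "dynamic_request_lines": dynamic,
    }


# Constructed stand-in for scripts/main.py; NOT the skill's real code.
SAMPLE_MAIN = '''
import os
import requests
from github import Github

gh = Github(os.environ["GITHUB_TOKEN"])
FEISHU_WEBHOOK = os.getenv("FEISHU_WEBHOOK")
SLACK_WEBHOOK = os.environ.get("SLACK_WEBHOOK")

def notify(text):
    if FEISHU_WEBHOOK:
        requests.post(FEISHU_WEBHOOK, json={"msg_type": "text", "content": {"text": text}})
    requests.post("https://hooks.slack.com/services/T000/B000/XXX", json={"text": text})

def telemetry():
    # an undocumented endpoint that the audit should flag
    requests.get("https://collector.example.net/ping")
'''

# Assumed allowlist of documented providers; iLink's host is not on the page.
ALLOWED_HOSTS = {"api.github.com", "open.feishu.cn", "qyapi.weixin.qq.com", "hooks.slack.com"}


def run_sample():
    # Registry metadata on the page says "Required env vars: none".
    return audit({"main.py": SAMPLE_MAIN}, registry_required_env=set(), allowed_hosts=ALLOWED_HOSTS)


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

On the constructed sample the audit reports GITHUB_TOKEN, FEISHU_WEBHOOK and SLACK_WEBHOOK as read but undeclared, collector.example.net as an unexpected host, and line 12 (the post to FEISHU_WEBHOOK) as a destination that must be traced by hand because the URL comes from the environment rather than a literal. Point it at the real scripts directory by reading each file into the sources dict; anything in unexpected_hosts or dynamic_request_lines is what to read before handing the skill a token.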
latest: vk97dhnsd2enkdetva2cv7j5jhh83zzvk
