Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wander Monitor
v1.0.3
Guides use of Wander to monitor GitHub Actions without polling. Use when the user pushes code and wants CI notifications, asks how to watch workflows, avoid...
by @erergb
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name and description (monitor GitHub Actions) match the instructions to run watch-workflow scripts and use gh; that is coherent. However, the SKILL.md mandates autonomous behavior after every git push (starting background watchers), which is stronger than the registry metadata (no 'always' flag and no declared credentials) and effectively asks the agent to take persistent action tied to repository events.
Instruction Scope
The SKILL.md tells the agent to start background scripts after every git push, read repository files (.workflows.yml, .github/workflows/*), run scripts from a local clone (watch-workflow-bg.sh, smart-push.sh), check terminal output and report. That grants the agent the ability to execute arbitrary shell scripts from a third-party repo and monitor local state, which is more scope than a simple notification helper needs and is potentially dangerous if the scripts are malicious or behave unexpectedly.
Install Mechanism
No automated install spec (instruction-only), which is low-risk by itself. The docs recommend cloning a GitHub repo (https://github.com/ERerGB/wander) and running its shell scripts; this is a manual network fetch of third-party code and should be reviewed before execution.
Credentials
SKILL.md requires the gh CLI to be installed and authenticated (implicitly requiring access to GitHub auth tokens and config), and references WANDER_HOME and PATH changes, yet the skill metadata declares no required env vars or primary credential. Implicit access to the user's GitHub auth and shell environment is necessary for the functionality but is not declared, which is an inconsistency and a potential privacy/security risk.
Persistence & Privilege
Although the registry flags show always:false, the instructions explicitly demand that the agent auto-trigger after every git push, start background/detached processes and write logs under ~/.wander_logs. That attempts to establish persistent behavior and local process execution tied to repository events; combined with executing third-party scripts, this elevates risk.
What to consider before installing
Before installing or enabling this skill, consider:
1) It instructs the agent to auto-run background shell scripts after each git push. Review whether you want an agent to execute local scripts automatically.
2) The skill expects access to your gh CLI authentication and local files (repo tree, ~/.config/gh), but the metadata declares no credentials. Verify what tokens/credentials gh exposes and limit their scope.
3) The recommended install clones a third-party GitHub repo and runs its scripts. Audit the wander repo (watch-*.sh, smart-push.sh) for any network calls, data uploads, or commands that could exfiltrate secrets before running them.
4) If you want the functionality but not autonomous execution, run the scripts manually or require explicit confirmation before the agent starts background watchers.
5) If possible, ask the skill author for explicit declarations of required credentials and a signed/reputable source for the Wander tool. The absence of declared env vars and the 'auto-trigger' instruction are the primary red flags here.
latest: vk97f6gbtrk542xszgdcwdqb8c583dtep
