Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
New Tag
v0.1.1
Prepare and publish a git release tag by inspecting the repo's release convention, bumping affected package versions, validating release builds, committing t...
⭐ 0 · 198 · 0 current · 0 all-time
by @femto
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the SKILL.md align: the skill is clearly a git-release/tag helper. However the metadata lists no required binaries or env vars while the instructions explicitly assume tools like git, pnpm (or another package manager), ripgrep (rg), and standard Unix utilities (head, etc.). This omission is a mismatch between declared requirements and what the skill actually needs to run.
Instruction Scope
The instructions tell the agent to inspect the repo, update manifests, run build and release scripts (pnpm build / pnpm run), commit, and push branches and annotated tags. Running repository build/release scripts means arbitrary code checked into the repo will execute on the host — a normal part of releases but a significant runtime risk if you don't trust the repository or agent actions. The workflow does not attempt to read unrelated system files or external secrets, which is good.
Install Mechanism
There is no install spec and no code files beyond SKILL.md and a small agent manifest. Instruction-only skills write nothing to disk by themselves — low install risk.
Credentials
No environment variables or credentials are declared, but the skill expects to push to git remotes and may interact with publishing workflows (GitHub Actions / npm). Git push will use whatever credentials are configured for the agent runtime (SSH key, credential helper). If you expect the skill to publish to npm directly, an npm token or other credential would be required — the SKILL.md mentions npm publishing only as an outcome of tag-triggered workflows, not as an action requiring declared credentials. The lack of declared credentials is a documentation gap you should confirm.
Persistence & Privilege
The skill does not request permanent/always-on presence (always: false). The default autonomous invocation setting is allowed, which means an agent could perform pushes/tags on its own if the platform and user prompts permit it; be aware that pushing tags is a remote-modifying action.
What to consider before installing
This skill is coherent in purpose (preparing and pushing a release tag) but has two practical gaps you should be aware of before installing: (1) the SKILL.md assumes tools that the metadata does not declare (git, pnpm or another package manager, rg), so confirm your agent environment actually has those binaries; (2) the agent will run repository build/release scripts and perform git push/tag operations using whatever credentials the runtime provides, so these actions can execute arbitrary code from the repo and modify remote state. If you plan to use it: require explicit confirmation before any push/tag; test in a dry-run branch; ensure CI publishes are correctly configured and that no npm tokens are exposed to the agent; and limit the agent's git credentials to a least-privilege account. If you need certainty about which binaries or credentials are required, ask the skill author to update the metadata to list required binaries and any environment variables or tokens it may use.
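The preflight checks this report recommends, as an added shell example that is not part of the skill or of ClawHub's scanner: it verifies that the undeclared binaries (git, pnpm, rg, the list named in the scan) are actually on PATH, refuses to push a tag or branch unless an explicit confirmation variable is set, and fails if npm publish credentials are reachable from the agent's environment. The function names, the RELEASE_CONFIRM and NPMRC_PATH variables, and the choice of NPM_TOKEN / NODE_AUTH_TOKEN as the credential variables to look for are this example's own assumptions, not anything the skill defines.

```shell
#!/bin/sh
# Added example: operator-side preflight for an agent release skill.
# Not the skill's own code. Assumed conventions: RELEASE_CONFIRM=yes gates
# remote-modifying git operations; NPMRC_PATH overrides ~/.npmrc for testing.

# Return 0 if every binary named as an argument is on PATH, 1 otherwise,
# listing the missing ones on stderr. Call with the tools the SKILL.md
# assumes, e.g.: check_required_bins git pnpm rg head
check_required_bins() {
    missing=""
    for bin in "$@"; do
        if ! command -v "$bin" >/dev/null 2>&1; then
            missing="$missing $bin"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing required binaries:$missing" >&2
        return 1
    fi
    return 0
}

# Gate the remote-modifying step behind explicit confirmation. The push only
# runs when RELEASE_CONFIRM is exactly "yes"; otherwise nothing is sent and
# 1 is returned, so an unattended agent cannot push by default.
# Usage: gated_push origin v0.1.1
gated_push() {
    remote="$1"
    ref="$2"
    if [ "${RELEASE_CONFIRM:-}" != "yes" ]; then
        echo "refusing to push $ref to $remote without RELEASE_CONFIRM=yes" >&2
        return 1
    fi
    git push "$remote" "$ref"
}

# Fail if npm publish credentials are visible to the agent. The skill should
# only trigger publishing indirectly through tag-driven CI, so the agent's
# own environment should carry no npm token at all.
check_no_npm_token() {
    for var in NPM_TOKEN NODE_AUTH_TOKEN; do
        eval "val=\${$var:-}"
        if [ -n "$val" ]; then
            echo "npm credential present in environment: $var" >&2
            return 1
        fi
    done
    npmrc="${NPMRC_PATH:-$HOME/.npmrc}"
    if [ -f "$npmrc" ] && grep -q '_authToken' "$npmrc"; then
        echo "npm auth token found in $npmrc" >&2
        return 1
    fi
    return 0
}
```

Run the three checks before handing the repository to the agent; on the dry-run branch the report suggests, `git push --dry-run` against the gated ref shows what would be sent without modifying the remote, and a failing `check_no_npm_token` means the runtime, not CI, would be able to publish.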
latest: vk97dx3y9ve07zy259nkckqmvs182pvdz
