GitHub API Tool
Security checks across malware telemetry and agentic risk
Overview
This is a GitHub API helper, but it asks for a broad GitHub token and gives the agent unguarded instructions for actions like merging PRs and triggering workflows.
Install only if you are comfortable giving the agent GitHub access. Prefer a fine-grained token limited to test or specific repositories, avoid production/deployment workflows, and require manual confirmation before any issue edits, PR merges, workflow dispatches, or other write actions.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad token could let the agent read or change private repositories and GitHub Actions workflows within the token holder's GitHub permissions.
The skill asks for a GitHub token with full repository and workflow permissions, but it does not bound the token to specific repositories, organizations, or least-privilege operations.
Token permission requirements:
- `repo` - full repository operations
- `read:user` - read user information
- `workflow` - GitHub Actions operations
Use a fine-grained GitHub token limited to specific repositories and minimal permissions, and clearly declare the credential requirement before installation.
If the model chooses the wrong endpoint or parameters, it could make unintended GitHub changes using the user's token.
The skill routes GitHub operations through a raw exec/curl API pattern with a variable endpoint, which can bypass narrower, safer, purpose-scoped tool boundaries.
Use the `exec` tool to call the GitHub API ... https://api.github.com/{endpoint}
Require explicit user approval for every mutating request, restrict allowed endpoints, and prefer scoped built-in GitHub tools over raw curl where possible.
A single unintended action could merge code, trigger automation, or affect production-connected workflows.
Merging PRs and dispatching workflows can propagate a mistaken agent action into CI/CD, deployments, or shared repositories, and the artifact does not describe containment or approval controls.
# Merge PR ... github_merge_pull ... # Trigger workflow ... github_dispatch_workflow
Use this only with explicit human review for PR merges and workflow dispatches, especially on protected branches or deployment workflows.
