Fork-It
Warn. Audited by ClawScan on May 14, 2026.
Overview
Fork-It is mostly a GitHub search helper, but its included scripts run shell commands built from user-controllable inputs and automatically use a GitHub token if present.
Review this skill before installing. Its GitHub-search purpose is understandable, but the current implementation should be fixed to avoid shell command construction and to clearly disclose any GitHub token use and scope.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed argument could cause the helper to run unintended commands on the user's machine.
The script builds a shell command and executes it. Some fields used in the URL, such as --sort and --order, come from CLI arguments and are not validated or shell-escaped, so crafted input could break out of the quoted URL and run local commands.
const cmd = `curl -s ${headers.join(' ')} "${url}"`; ... return JSON.parse(execSync(cmd, { encoding: 'utf-8', timeout: 30000 }));
Replace shell-based curl calls with a safe HTTP client such as fetch, or strictly validate and escape every user-controlled command component before execution.
Looking up a crafted repository string could run unintended local commands.
The repository name is incorporated into a URL that is then placed inside a shell command. The code only checks for an owner/repo shape and does not restrict characters, leaving a command-injection path if attacker-controlled input reaches this helper.
const url = `${GITHUB_API}${path}`; ... const cmd = `curl -s ${headers.join(' ')} "${url}"`; ... execSync(cmd, { encoding: 'utf-8', timeout: 30000 })
Validate owner and repository names against GitHub's allowed character set and avoid shell execution for HTTP requests.
If a GitHub token is present, the skill may make authenticated GitHub requests without the user realizing which account or permissions are being used.
The script automatically uses a GitHub token from the environment, but the registry declares no required environment variables or primary credential and the visible skill instructions do not explain token scope, opt-in, or whether private repositories may be included.
if (process.env.GITHUB_TOKEN) { headers.push(`-H "Authorization: token ${process.env.GITHUB_TOKEN}"`); }
Declare the optional GITHUB_TOKEN credential, document the needed scopes, prefer public-only searches unless the user opts in, and avoid placing tokens in shell command strings.
The agent may pause coding help to recommend existing projects to fork.
The skill intentionally redirects many new-development requests into GitHub search first, even for some wording that normally suggests the user wants original or dependency-free code. This is part of the skill's purpose but may surprise users.
**Search first, code second.** ... "From scratch / Hand-write" Series (Great fork candidates)
Ask the user before switching from a build-from-scratch request to a fork-first workflow, especially when they explicitly request original or dependency-free work.
It may be harder to verify exactly which publisher/version produced this package.
The owner and version values in the packaged _meta.json do not match the owner and version shown in the registry metadata. This is not proof of malicious behavior, but it is a provenance and packaging-coherence gap.
"ownerId": "kn7aknkqf8f1f1b6sk03z7men58212tp", "version": "2.0.0"
Publish with consistent registry and package metadata, and include a homepage or source link for easier provenance review.
