cross-ref
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill’s GitHub cross-reference purpose is coherent, but it can use your GitHub account for bulk public repo actions and explicitly tries to make automated commenting look human to avoid GitHub abuse detection.
Only install or run this if you are comfortable with it using your GitHub account. Keep it in plan/dry-run mode first, manually inspect every proposed comment/action, avoid use on repos you do not administer, and use a least-privilege GitHub credential. Be especially cautious of the abuse-detection-evasion rate limiting language.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this could put the user's GitHub account or repository reputation at risk and may violate platform anti-abuse expectations.
This explicitly frames the automation as human-looking and intended to avoid GitHub abuse detection, which is materially different from ordinary transparent rate limiting.
posts with organic-looking rate limiting — jittered intervals, breathing pauses, exponential backoff. Everything is designed to not trigger GitHub's abuse detection.
Do not use abuse-detection evasion or human-mimicking posting. Prefer transparent, conservative rate limits, respect platform responses, and avoid automated commenting on repos where you lack explicit permission.

If the approved comment list is wrong or too broad, the skill can publish many misleading comments under the user's GitHub identity.
The script loops through an approved-comments file and posts each item to GitHub via the raw API, creating public side effects without an interactive confirmation inside the script.
for ((i=START_INDEX; i<TOTAL; i++)); do ... gh api "repos/$REPO/issues/$ISSUE_NUM/comments" -f body="$BODY"
Run only in dry-run/plan mode first, inspect the exact approved-comments file, require explicit per-item or small-batch approval, and avoid automated close/label actions unless manually verified.

The skill can act with the user's GitHub permissions, potentially across repositories covered by that credential.
The skill needs the user's local GitHub authentication with broad repo permissions, while the registry metadata declares no primary credential.
- `gh` CLI authenticated with `repo` scope
Use a least-privilege GitHub token or account, restrict execution to repositories you administer, and require the skill metadata to declare its GitHub credential and write capabilities.

Users may not realize before installation that local scripts and GitHub CLI authentication are needed.
The registry/provenance and requirement declarations are incomplete even though the artifacts include shell scripts and the README documents GitHub CLI and jq requirements.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required binaries ... none; Primary credential: none
Declare required binaries, credential needs, and a verifiable source/homepage in the skill metadata.

Private issue titles, PR metadata, and body snippets may be processed in multiple model contexts.
The design sends repository PR and issue data to multiple model subagents; this is central to the skill but may include private repository information.
Spawns parallel Sonnet subagents ... Each subagent receives: Its batch of PRs ... The complete issue index ... The complete PR index
Use only with repositories whose data you are allowed to send to the configured model provider, and start with smaller counts or sanitized data for sensitive repos.
