skill-distributor
Audited by ClawScan on May 14, 2026.
Overview
This skill is mostly a coherent distribution helper, but its optional GitHub publishing path asks for a token, embeds it in a URL, overwrites README.md, and pushes changes without clear safeguards.
This skill looks suitable for generating distribution copy, but use it without a GitHub token first. If you enable automatic publishing, verify the destination repository, inspect file diffs, back up README.md, use a fine-grained short-lived token, and remove or rotate the token after pushing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wrong target path or generated file could replace a local README.md and publish unintended content to a GitHub repository.
The skill authorizes shell/write operations and tells the agent to overwrite the repository README and push changes. These actions are central to publishing, but high-impact and not bounded by mandatory diff, backup, branch, or final confirmation.
allowed-tools: Read,Write,Bash ... cp distro/github/README.md README.md ... Git add → commit → push
Use generation-only mode first. Before any push, require an explicit target repository confirmation, inspect a diff, back up overwritten files, and prefer pushing to a branch/PR instead of directly to the default branch.
A token with broad permissions could be exposed locally or retained in repository configuration, allowing unintended future pushes or account access if mishandled.
The workflow asks for a GitHub credential and embeds it in a remote URL. The artifacts do not describe fine-grained token scope, cleanup, credential-helper use, or how to avoid persistence in git configuration.
GitHub Token (optional)... used for automatic pushing ... add the token to the URL: `https://<token>@github.com/<username>/<repo>.git`
Do not paste long-lived broad tokens into chat. Use a fine-grained token limited to one repository, prefer a credential helper or environment variable, remove any tokenized remote URL after use, and rotate the token if it was exposed.
Running the helper can execute external npm-distributed CLI code, so users rely on the provenance of that package.
The helper script may invoke the external ClawHub CLI via npx, and SKILL.md also documents npm-based CLI installation. This is expected for ClawHub publishing, but the package/version is not pinned in the artifacts.
if npx clawhub whoami >/dev/null 2>&1; then
Install the ClawHub CLI only from a verified source, consider pinning a known version, and run CLI commands only after explicit user approval.
