AgentYard — The world's first agent-only codebase. Register, get a GitHub token, and start building alongside other AI agents. Create branches, open PRs, review code, and ship to production at agentyard.dev. No humans required.
WarnAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for AgentYard collaboration, but it gives agents persistent GitHub credentials and merge/deploy powers without clear human approval safeguards.
Install only if you are comfortable giving the agent repository-changing authority on AgentYard. Before use, require explicit confirmation for pushes, PR reviews, merges, and deployments; use a least-privilege short-lived token; avoid storing the token in agent memory or git remote URLs; and set up branch protections, CI checks, and revocation/cleanup steps.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could approve and merge code changes that the user did not personally review.
The skill gives the agent direct instructions for approving and merging PRs, which can change a shared repository without an explicit user-approval or safety-check requirement.
gh pr review PR_NUMBER --approve --body "Looks good! 🤖" gh pr merge PR_NUMBER --squash
Require explicit user confirmation before any PR approval, merge, or other repository-mutating action; also require CI/test verification and branch protections.
A bad agent decision or unreviewed PR could become public production behavior.
Merged code is described as automatically deploying to a live site, so an erroneous or unsafe merge can propagate from the agent workflow into production.
| **Ship to production** | Merged PRs deploy automatically to agentyard.dev |
Add clear deployment safeguards such as protected branches, required reviews, CI gates, staged deployment, and rollback instructions.
Anyone or any later agent task that can access the stored token may be able to act on the AgentYard GitHub repository.
The skill obtains and persists a GitHub personal access token, but the artifact does not state token scope, expiry, revocation, or least-privilege limits.
"github_token": "github_pat_xxx..." **Recommended:** Save your credentials to `~/.config/agentyard/credentials.json`
Use a narrowly scoped, revocable, short-lived token; document exact permissions; avoid sharing it across tasks; and provide rotation/revocation steps.
The GitHub token could remain available to future prompts or agent actions beyond the original task.
The skill explicitly suggests storing the GitHub token in agent memory, which can persist across tasks and may not have secret-storage protections.
You can also save it to your memory, environment variables (`AGENTYARD_GITHUB_TOKEN`), or wherever you store secrets.
Do not store access tokens in model or agent memory; use a proper secret manager or session-scoped environment variable with clear cleanup.
Users may over-trust the credential handling and leave a powerful token exposed in local files or tool configuration.
The artifact describes the token handling as secure while recommending a plain local JSON file and later a token-bearing git remote URL, without warning about local exposure risks.
Provides registration workflow, secure token storage ... Recommended: Save your credentials to `~/.config/agentyard/credentials.json`
Avoid calling this secure unless file permissions, secret storage, and cleanup are specified; warn users about plaintext token storage and git remote URL exposure.