Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GitHub Safe Sync
v1.0.0
Inspect, trigger, and clean up GitHub mirror repositories that use a safe-sync GitHub Actions workflow. Use when Codex needs to work on repository mirroring...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
Name, description, SKILL.md and the included script all align: the tool talks to the GitHub API to inspect workflows, trigger dispatches, close force-push issues and delete backup branches. Those capabilities are appropriate for a 'safe-sync' mirror management tool. However, the registry metadata declares no required environment variables or primary credential while both SKILL.md and the script require a GITHUB_TOKEN. That mismatch is unexpected and should be corrected.
Instruction Scope
SKILL.md instructions are narrowly scoped to repository mirroring tasks and explicitly instruct the user to set GITHUB_TOKEN and to be cautious (dry-run, re-run status, verify before closing issues or deleting branches). The instructions do not ask for unrelated files or system-wide data. They do, however, permit destructive operations (issue close, git ref delete) which are within the stated purpose but require explicit user consent and a suitably-scoped token.
Install Mechanism
This is an instruction-only skill with no install spec; the included Python script will run when invoked. No untrusted downloads or package installs are performed by the skill itself, so installation risk is low. The main risk is executing the provided script — review it and run it in a controlled environment if unsure.
Credentials
The script requires a GITHUB_TOKEN (read/write) to perform actions; that is proportionate to its features. But the registry metadata does not declare this required env var nor a primary credential, which is an incoherence that can mislead users about required privileges. The code performs PATCH and DELETE operations on repos, so the token must be limited to the minimum necessary scope and repos; granting broad org-level or repo-deletion rights would be dangerous.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges. It does not modify other skills or agent-wide settings. Autonomous invocation is allowed by platform default but not exceptional here; still, because the script can perform destructive repo operations, ensure agent invocation policies and token scope are appropriate.
What to consider before installing
Before installing or running this skill:
1. SKILL.md and the script require GITHUB_TOKEN, but the registry metadata omits it; expect to provide a token.
2. Review the included script yourself: it calls GitHub API endpoints that PATCH issues and DELETE git refs (backup branches). Only run it on repos you control, or on a test repo.
3. Use the least-privilege token possible (limited to the specific repo(s) and minimal scopes); avoid a broad org or admin token.
4. Prefer running the status and dry-run flows first; do not use commands such as close-force-push-issues or delete-backups until you have manually verified the situation.
5. Ask the publisher to update the skill metadata to declare GITHUB_TOKEN as the primary credential so users are not misled.
If you will let an agent invoke this skill autonomously, restrict the agent's permissions and review audit logs, because the skill can perform destructive write operations.
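The Credentials finding and the checklist above come down to three checks an operator can put in code before the script touches the API: confirm the token's scopes are no broader than the job needs, restrict every call to an allowlist of repositories you control, and refuse PATCH/DELETE requests until dry-run is explicitly switched off. The following pre-flight guard is an added example written for this page, not the skill's own script. It assumes a classic personal access token, whose granted scopes GitHub returns in the X-OAuth-Scopes response header of any authenticated API call (fine-grained tokens do not report scopes that way, so for them only the allowlist and dry-run gates apply). The OVERBROAD_SCOPES policy, the API paths, the allowlist and the GH_SCOPES/DRY_RUN variables are assumptions and constructed sample data, not anything the skill defines.

```python
"""Pre-flight guard for a script that inspects, dispatches and cleans up
GitHub mirror repositories.

Added example, not the skill's own script. It assumes a classic personal
access token, whose scopes GitHub reports in the X-OAuth-Scopes response
header; fine-grained tokens do not, so for them only the allowlist and the
dry-run gate apply. Header values, request plan and allowlist below are
constructed sample data.
"""
import os

# Scopes a mirror tool never needs (policy chosen for this example).
OVERBROAD_SCOPES = {"admin:org", "write:org", "delete_repo", "admin:repo_hook",
                    "admin:enterprise", "admin:public_key"}

# Methods the scan report says the script issues that change repo state.
DESTRUCTIVE_METHODS = {"PATCH", "DELETE"}


def parse_scopes(header_value):
    """Turn an X-OAuth-Scopes value such as 'repo, workflow' into a set."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def check_token_scopes(header_value, required=frozenset({"repo"})):
    """Return (ok, problems). On a classic token 'repo' covers issues and
    git refs; change `required` if the script needs more (assumption)."""
    scopes = parse_scopes(header_value)
    problems = []
    missing = required - scopes
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    broad = scopes & OVERBROAD_SCOPES
    if broad:
        problems.append("over-broad scopes present: " + ", ".join(sorted(broad)))
    return (not problems, problems)


def repo_of(path):
    """Extract 'owner/name' from a /repos/{owner}/{name}/... path, else None."""
    parts = [p for p in path.split("/") if p]
    if len(parts) < 3 or parts[0] != "repos":
        return None
    return parts[1] + "/" + parts[2]


def gate_request(method, path, allowed_repos, dry_run=True):
    """Decide whether one API call may be sent; returns (send, message).

    A call is refused when it targets a repo outside the allowlist, and a
    PATCH/DELETE is refused while dry_run is on, so the operator sees what
    would be closed or deleted before anything actually is.
    """
    repo = repo_of(path)
    if repo is None:
        return False, f"refusing non-repository path {path}"
    if repo not in allowed_repos:
        return False, f"refusing {method} {path}: {repo} is not in the allowlist"
    if method in DESTRUCTIVE_METHODS and dry_run:
        return False, f"dry-run: would {method} {path}"
    return True, f"{method} {path}"


def preflight(scope_header, plan, allowed_repos, dry_run=True):
    """Run every check over a planned list of (method, path) calls.

    Returns (token_ok, token_problems, decisions), where decisions is a list
    of (method, path, send, message) in plan order. If the token fails its
    scope check nothing is sent at all, whatever dry_run says.
    """
    token_ok, token_problems = check_token_scopes(scope_header)
    decisions = []
    for method, path in plan:
        send, msg = gate_request(method, path, allowed_repos, dry_run)
        if not token_ok:
            send, msg = False, "token failed scope check: " + msg
        decisions.append((method, path, send, msg))
    return token_ok, token_problems, decisions


# Constructed sample plan: the call types the scan report describes, plus one
# that strays to a repository outside the allowlist.
SAMPLE_PLAN = [
    ("GET",    "/repos/acme/mirror/actions/workflows"),
    ("POST",   "/repos/acme/mirror/actions/workflows/safe-sync.yml/dispatches"),
    ("PATCH",  "/repos/acme/mirror/issues/12"),
    ("DELETE", "/repos/acme/mirror/git/refs/heads/backup-20240101"),
    ("DELETE", "/repos/acme/production/git/refs/heads/main"),
]
SAMPLE_ALLOWLIST = {"acme/mirror"}

if __name__ == "__main__":
    # In real use the header comes from an authenticated GET /user response;
    # GH_SCOPES stands in for it here so the example runs offline (assumption).
    header = os.environ.get("GH_SCOPES", "repo, workflow")
    dry = os.environ.get("DRY_RUN", "1") != "0"
    ok, problems, decisions = preflight(header, SAMPLE_PLAN, SAMPLE_ALLOWLIST, dry)
    print("token:", "ok" if ok else "; ".join(problems))
    for method, path, send, msg in decisions:
        print(("SEND  " if send else "SKIP  ") + msg)
```

Run it as-is and every PATCH/DELETE is reported as "dry-run: would ..."; set DRY_RUN=0 and the two calls against acme/mirror go through while the stray DELETE on acme/production is still refused by the allowlist. Feeding GH_SCOPES="repo, admin:org" fails the scope check and blocks the whole plan, which is the behaviour you want before handing such a script to an agent.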
Tags: git-github, latest, self-hosted-automation
