ClawHub

Github Topics

v0.1.0

Fetches GitHub topic trending repositories. Use when asking about GitHub trending repos or open source projects.

0· 610·0 current·0 all-time
by@hjw21century
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (GitHub topics/trending repos) align with the included Python modules (github_fetcher.py and readme_fetcher.py). The code uses the GitHub Search and Repos APIs and raw.githubusercontent.com to fetch READMEs, which is expected for this purpose. The only oddity: src/__init__.py docstring references an unrelated 'AI Daily / smol.ai' project, which looks like leftover copy-paste but does not affect runtime behavior.
Instruction Scope
SKILL.md runtime steps are limited to fetching data from GitHub and rendering results. It suggests running the included Python scripts and optionally setting GH_TOKEN/TOPIC environment variables. One minor mismatch: SKILL.md shows 'cd skills/github-topics' which may not match where skill files are actually installed; this is an operational/documentation issue rather than a security problem.
Install Mechanism
No install spec; this is an instruction-only skill with bundled Python source. It only requires the 'requests' package per README. No downloads from arbitrary URLs or archive extraction were found.
Credentials
The code optionally reads GH_TOKEN and TOPIC from environment variables (both documented in SKILL.md). GH_TOKEN is optional and used only for higher GitHub API rate limits; no other secrets or unrelated credentials are requested. Registry metadata did not list required env vars, but that is consistent with GH_TOKEN being optional.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It does network I/O to GitHub (expected) and writes no persistent configuration or credentials of its own.
Assessment
This skill appears to do what it says: query GitHub search and fetch README content. Before installing, consider: (1) GH_TOKEN is optional — if you supply one, create a token with the minimal scopes needed (read-only/public access) rather than a broad personal token. (2) The package contains only Python scripts that make outbound requests to api.github.com and raw.githubusercontent.com; this network activity is expected. (3) There's a minor documentation/metadata inconsistency (src/__init__.py mentions an unrelated project), which looks like leftover text but is not malicious. If you need stricter assurance, run the scripts in an isolated environment (container) or review/modify the code locally before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk978kcf377ty5mbkdtcx3w880x8134p7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments