Github Rising Stars
v1.0.0Discover fast-growing GitHub repositories before they appear on the official Trending page. Use when users ask to find emerging/rising GitHub projects, spot...
⭐ 0· 100·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md and the included Python script align: the script queries the GitHub Search API, filters/deduplicates, computes stars/day, and ranks repos. No unrelated binaries, hosts, or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to run the bundled script and present results. It also mentions optionally adding an Authorization header for a PAT to raise rate limits; the distributed script, however, does not read environment variables for a token (so adding a PAT would require editing the script or providing it some other way). Apart from that, instructions stay within the stated purpose and do not ask the agent to read arbitrary local files or transmit unrelated data.
Install Mechanism
No install spec and only a small Python script are provided. Nothing is downloaded from external URLs or written to disk by an installer — lowest-risk install model for a skill with a local script.
Credentials
The skill declares no required env vars or credentials and the script runs unauthenticated against api.github.com (as documented). SKILL.md mentions that adding a PAT would increase rate limits, but the script doesn't automatically consume any token from the environment — so no secret access is requested by default.
Persistence & Privilege
always is false and the skill doesn't request persistent system-wide configuration or modify other skills. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or secret access.
Assessment
This skill appears coherent and limited to its stated task. Before installing/running: (1) review the included script (already small and readable) and run it in a safe environment; (2) be aware it performs network calls to api.github.com (expected) and is subject to GitHub API rate limits — SKILL.md suggests using a Personal Access Token for higher limits but the script does not read a token from the environment, so supplying a PAT would require modifying the script or your runtime headers; if you do add a PAT, create a token with minimal scopes and store it securely; (3) results may include spammy/automated repos despite filters — manually vet high‑rate entries before acting; (4) if you plan to let an autonomous agent run this skill, note it will make outbound requests to GitHub on invocation (normal for this purpose). Overall, nothing in the package requests unrelated credentials or hidden network endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk973sjfxmv6009xnn9va8pws6d83fahx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.