Greptile
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated Greptile purpose, but its status command builds Python source code from unvalidated command-line arguments, so a crafted value can run arbitrary code on the local machine.
Review before installing. Only use this skill if you trust Greptile and the publisher, use a least-privilege GitHub token, and do not let untrusted text choose the repo, branch, or remote arguments until the status command is fixed to stop interpolating them into Python source.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If untrusted text or a malicious branch/remote value reaches the status command's arguments, it can execute commands on the user's machine with the agent's privileges.
REMOTE, BRANCH, and REPO come from command-line arguments and are inserted directly into Python source text. A value containing a single quote closes the string literal, and any Python that follows it is parsed and executed when the status command runs.
--remote) REMOTE="$2"; shift 2 ;;
REPO_ID=$(python3 -c "import urllib.parse; print(urllib.parse.quote('${REMOTE}:${BRANCH}:${REPO}', safe=''))")
Pass the combined repo identifier to Python through argv or an environment variable, and validate remote against github/gitlab before use.
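The injection above, reproduced beside a hardened equivalent, as an added example that is not the skill's own script. The function names, the PAYLOAD branch value, and the org/repo identifier are constructed for the demonstration; the only assumption is that python3 is on PATH.

```shell
#!/bin/sh
# Added example, not the skill's own code: the status command's injection
# reproduced next to a hardened version. Assumes python3 is on PATH.

# Vulnerable pattern: REMOTE/BRANCH/REPO are spliced into Python source text,
# so a value containing a single quote closes the string literal and whatever
# follows it is parsed as Python and executed by the interpreter.
unsafe_repo_id() {
  python3 -c "import urllib.parse; print(urllib.parse.quote('$1:$2:$3', safe=''))"
}

# Hardened pattern: check remote against an allow-list, then hand the combined
# identifier to Python as argv[1]. It arrives as data, never as source text.
safe_repo_id() {
  case "$1" in
    github|gitlab) ;;
    *) echo "unsupported remote: $1" >&2; return 1 ;;
  esac
  python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$1:$2:$3"
}

# Constructed malicious branch name (not a real branch): under the vulnerable
# path the Python expression between the quotes runs `echo pwned` in a shell.
PAYLOAD="x'+__import__('os').popen('echo pwned').read().strip()+'"

echo "unsafe: $(unsafe_repo_id github "$PAYLOAD" org/repo)"   # github%3Axpwned%3Aorg%2Frepo
echo "safe:   $(safe_repo_id github "$PAYLOAD" org/repo)"     # the payload, percent-encoded, nothing executed
safe_repo_id evil main org/repo || echo "evil remote rejected"
```

The unsafe call prints `github%3Axpwned%3Aorg%2Frepo`: the injected expression ran and its output replaced the branch. The safe call percent-encodes the same payload verbatim, because the string is passed as a separate argv element and the interpreter never parses it.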
Greptile can access repositories permitted by the GitHub token used with this skill.
The script takes a GitHub token from the environment or from the local gh CLI login and forwards it to Greptile. This is expected for indexing private repositories, but a broad token grants Greptile high-impact access to every repository that token can reach.
GH_TOKEN="${GREPTILE_GITHUB_TOKEN:-${GITHUB_TOKEN:-}}"
GH_TOKEN="$(gh auth token 2>/dev/null || true)"
-H "X-GitHub-Token: $GH_TOKEN"
Use a dedicated least-privilege token limited to the repositories you intend to index, and avoid relying on a broad default gh CLI token.
Private repository context and codebase questions may be processed by Greptile when you use the skill.
Repository identifiers, branches, questions, and indexing/search requests are sent to the external Greptile API. This is the stated purpose, but it is still an external provider data flow.
API="https://api.greptile.com/v2"
curl -sf -X POST "$API/query" ... repositories: [{remote: $remote, repository: $repo, branch: $branch}]
Confirm that Greptile is approved for the repositories you query or index, especially for private or sensitive codebases.
