Skill v1.0.1

ClawScan security

Greptile · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 15, 2026, 9:24 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is a thin wrapper around the Greptile REST API and mostly matches its description, but it transmits your GitHub token to an external service, has a small runtime mismatch (it invokes python3 without declaring it as a required binary), and comes from an unknown source, so review it and limit the credentials you grant before using it.
Guidance
This skill appears to implement the Greptile API as advertised, but it requires you to provide or allow access to a Git host token, which the wrapper will forward to api.greptile.com. Only proceed if you trust that third-party service. If you decide to use it:
(1) create a GitHub PAT with the minimum scopes needed (avoid using a personal/all-access token),
(2) avoid using a token that grants org- or account-level admin access,
(3) consider authenticating via a temporary token or using a test repository first,
(4) be aware the script will read 'gh auth token' if you don't supply a token environment variable (so local gh CLI credentials can be used), and
(5) note the script calls python3 but python3 is not declared as a required binary, so ensure python3 is available in your environment.
If you cannot verify greptile.com's provenance or privacy policy, treat this as high-risk and avoid providing high-privilege credentials.

Review Dimensions

Purpose & Capability
note: The name and description match the included script and instructions: the skill queries and manages Greptile-indexed repos and requires a GREPTILE_TOKEN plus a GitHub/GitLab token. Asking for a Git host token is plausible because the script forwards it to the Greptile API so Greptile can access private repos. However, the package has no homepage/source and the publisher identity is unknown, which reduces provenance confidence.
Instruction Scope
ok: SKILL.md confines runtime actions to calling scripts/greptile.sh, which performs API calls (index/status/query/search) against https://api.greptile.com/v2. The instructions do not attempt to read unrelated files or exfiltrate arbitrary local data. They do, however, instruct the wrapper to obtain a GitHub token via 'gh auth token' if an env var is not provided (this reads local gh CLI auth state).
Install Mechanism
ok: No install spec; the skill is instruction-only plus a small script shipped with it. Nothing is downloaded or written to disk during installation by the registry, so install risk is low.
Credentials
concern: The script requires GREPTILE_TOKEN and a Git host token (GITHUB_TOKEN or GREPTILE_GITHUB_TOKEN) and forwards the Git token to api.greptile.com via the 'X-GitHub-Token' header. Sending your GitHub PAT to a third-party API is a high-privilege action; it may be justified for indexing private repos, but you should only provide a minimal-scope token and only if you trust greptile.com. The script also attempts to call 'gh auth token' (reads local gh CLI credentials). The gh CLI is declared as a required binary, but the script uses python3 for URL quoting while python3 is not listed in the declared required binaries (runtime mismatch).
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent system-wide modifications. It does not modify other skills or system settings.