GitHub Chat Assistant (Whatsapp)
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches GitHub chat support, but it asks users to share broad GitHub tokens and includes long-lived cron automation that could keep accessing a repository after the chat.
Install only if you are comfortable giving the assistant GitHub API access. Prefer a fine-grained, short-lived token limited to one repository and to the permissions the task needs; review every issue, comment or update before it is posted; revoke the token afterward; clean up temporary cache files; and do not enable the cron automation unless you have reviewed the script and have a clear plan to disable the job and revoke its credential.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is over-scoped or mishandled, the assistant could access private repository content or perform GitHub actions beyond the user’s immediate request.
A GitHub PAT is expected for this integration, but classic `repo`/`public_repo` scopes apply to every repository the account can reach (all of them for `repo`, all public ones for `public_repo`), so they grant broader repository/account authority than a single chat task, and sending the token in chat increases its exposure.
> **PAT** – confirm it has `repo` scope (private repos) or `public_repo` (public). Remind them to generate a short-lived token and send it in the chat
Use a fine-grained, short-lived PAT limited to the specific repository and only the needed permissions, such as Contents read and Issues read/write; revoke it immediately after use and avoid sharing it in insecure chat channels.
A scheduled job could continue calling GitHub and producing repo summaries after the original chat task is over.
The skill adds persistent scheduled operation with long-lived GitHub credentials, which is materially different from the earlier per-session temporary token workflow.
> ## 8. Daily automation & cron jobs - Store long-lived secrets outside the skill ... - Build reusable scripts under `scripts/` ... - When scheduling via `cron`, run the script
Do not enable cron automation unless the script is reviewed, the schedule is explicitly approved, the token is least-privileged, and there is a clear way to disable the job and revoke the credential.
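The token-scope finding and the cron finding above share one preflight step: refuse to start if the credential or the schedule is not what was approved. The Python below is an added example written for this review, not code from the skill or from ClawScan. It relies on two GitHub facts: classic PATs start with `ghp_` and fine-grained PATs with `github_pat_`, and authenticated API responses made with a classic token carry an `X-OAuth-Scopes` header (absent for fine-grained tokens, whose permissions are set on the token itself). Nothing here contacts GitHub; the response headers are passed in by the caller (constructed in the demo), and the token-file path, disable-file path and end date are assumptions for illustration.

```python
"""Preflight checks before a chat session or a scheduled job uses a GitHub token.

Added example for this review; not code from the skill or from ClawScan.
Nothing here contacts GitHub: response headers are supplied by the caller.
"""
import datetime as dt
import os
import stat
import tempfile
from typing import Dict, List, Optional, Tuple

# GitHub token formats: classic PATs start with "ghp_", fine-grained ones with "github_pat_".
CLASSIC_PREFIX = "ghp_"
FINE_GRAINED_PREFIX = "github_pat_"

# Classic scopes that grant more authority than a single-repository chat task needs.
# "repo" / "public_repo" (the scopes the skill asks for) cover every repository the
# account can reach, not one; the rest are common over-scopes on the same token.
OVERBROAD_SCOPES = {
    "repo", "public_repo", "delete_repo", "workflow", "admin:org", "admin:repo_hook",
    "admin:public_key", "admin:gpg_key", "write:packages", "user",
}


def check_token(token: str, response_headers: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (accepted, reasons) for a token about to be used for one repository.

    response_headers are the headers of any authenticated API response, e.g. GET /user.
    For a classic token GitHub sets X-OAuth-Scopes to a comma-separated scope list;
    for a fine-grained token the header is absent because permissions live on the token.
    """
    if token.startswith(FINE_GRAINED_PREFIX):
        return True, ["fine-grained token: confirm it is limited to one repository and the needed permissions"]
    if not token.startswith(CLASSIC_PREFIX):
        return False, ["unrecognised token format; expected ghp_ (classic) or github_pat_ (fine-grained)"]

    headers = {k.lower(): v for k, v in response_headers.items()}
    scopes = {s.strip() for s in headers.get("x-oauth-scopes", "").split(",") if s.strip()}
    if not scopes:
        return False, ["classic token with no X-OAuth-Scopes header; cannot verify its scope"]
    overbroad = sorted(scopes & OVERBROAD_SCOPES)
    if overbroad:
        return False, ["classic token carries over-broad scopes: " + ", ".join(overbroad)]
    return True, ["classic token with narrow scopes only: " + ", ".join(sorted(scopes))]


def check_token_file(path: str) -> List[str]:
    """Problems with a token file a cron job reads: must be a regular file we own, mode 0600."""
    problems = []
    st = os.lstat(path)  # lstat: a symlink pointing elsewhere is itself a problem
    if not stat.S_ISREG(st.st_mode):
        problems.append("token path is not a regular file (symlink or directory)")
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("token file is readable or writable by group/other; want mode 0600")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("token file is not owned by the user running the job")
    return problems


def job_allowed(disable_file: str, not_after: str, today: Optional[str] = None) -> Tuple[bool, str]:
    """A scheduled job needs an off switch: a disable file the user can touch, and a hard
    end date (ISO YYYY-MM-DD) after which the job stops on its own until re-approved."""
    if os.path.exists(disable_file):
        return False, f"disabled: {disable_file} exists"
    end = dt.date.fromisoformat(not_after)
    now = dt.date.fromisoformat(today) if today else dt.date.today()
    if now > end:
        return False, f"approval ended {not_after}; renew the approval (and the token) to continue"
    return True, "ok"


def demo_token_file_checks() -> Dict[str, List[str]]:
    """Create two throwaway token files, one 0600 and one 0644, and report the problems found."""
    tmp = tempfile.mkdtemp(prefix="token-check-")
    results = {}
    for name, mode in (("good", 0o600), ("loose", 0o644)):
        path = os.path.join(tmp, name)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT, mode)
        os.write(fd, b"ghp_constructedexampletoken\n")  # constructed placeholder, not a real token
        os.close(fd)
        os.chmod(path, mode)  # umask may have narrowed the create mode; set it explicitly
        results[name] = check_token_file(path)
        os.unlink(path)
    os.rmdir(tmp)
    return results


if __name__ == "__main__":
    # Constructed headers, as GET /user would return them for a classic token with "repo".
    print(check_token("ghp_constructedexampletoken", {"X-OAuth-Scopes": "repo, read:user"}))
    print(check_token("github_pat_constructedexample", {}))
    print(demo_token_file_checks())
    print(job_allowed("/nonexistent/disable-github-job", "2026-05-31", today="2026-06-01"))
```

A cron wrapper would call `job_allowed` and `check_token_file` first and exit non-zero on any problem, so that deleting the token file or touching the disable file is enough to stop the job; the end date guarantees the job does not outlive the approval even if the user forgets both.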
The assistant could make visible or workflow-affecting changes in the repository’s issue tracker.
Creating, updating, closing, assigning, and commenting on GitHub issues is purpose-aligned, but it mutates repository data and should be user-approved each time.
> Create the issue via `POST /repos/{owner}/{repo}/issues` ... use `PATCH /repos/{owner}/{repo}/issues/{number}` ... and `POST .../comments`

Require the assistant to show the final issue/comment/update text and get explicit confirmation before each POST or PATCH request.
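One way to enforce that confirmation is a gate in front of the HTTP client that lets reads through, confines every request to the approved repository, and refuses any POST/PATCH until the user has seen the exact request and answered yes for that request. The Python below is an added example for this review, not the skill's own code. The transport is injected as `send(method, path, body)`, and the `FakeGitHub` class is a constructed in-memory stand-in so the example runs offline; `octo-org/widgets` is an assumed repository.

```python
"""Confirmation gate in front of GitHub issue mutations.

Added example for this review; not code from the skill or from ClawScan. The HTTP
transport is injected as send(method, path, body) -> dict; FakeGitHub is a constructed
stand-in for api.github.com so the example runs offline.
"""
import json
from typing import Callable, Dict, List, Optional, Tuple

MUTATING_METHODS = {"POST", "PATCH", "PUT", "DELETE"}


class MutationBlocked(Exception):
    """Raised when a write was not confirmed or a request fell outside the approved repository."""


class IssueGate:
    def __init__(self, owner: str, repo: str,
                 send: Callable[[str, str, Optional[dict]], dict],
                 confirm: Callable[[str], bool]) -> None:
        self.prefix = f"/repos/{owner}/{repo}/"
        self._send = send
        self._confirm = confirm  # shows the exact request text to the user, returns their decision
        self.audit: List[Tuple[str, str, str]] = []

    def request(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        method = method.upper()
        if not path.startswith(self.prefix):
            self.audit.append((method, path, "blocked: outside repo"))
            raise MutationBlocked(f"{path} is outside the approved repository")
        if method in MUTATING_METHODS:
            # Show the final request verbatim; confirmation is per request and never cached.
            preview = f"{method} {path}\n{json.dumps(body or {}, indent=2, sort_keys=True)}"
            if not self._confirm(preview):
                self.audit.append((method, path, "blocked: not confirmed"))
                raise MutationBlocked(f"user did not confirm {method} {path}")
        self.audit.append((method, path, "sent"))
        return self._send(method, path, body)

    # Thin wrappers over the endpoints the skill uses.
    def list_issues(self) -> List[dict]:
        return self.request("GET", self.prefix + "issues")

    def create_issue(self, title: str, body: str) -> dict:
        return self.request("POST", self.prefix + "issues", {"title": title, "body": body})

    def update_issue(self, number: int, **fields) -> dict:
        return self.request("PATCH", f"{self.prefix}issues/{number}", fields)

    def comment(self, number: int, text: str) -> dict:
        return self.request("POST", f"{self.prefix}issues/{number}/comments", {"body": text})


class FakeGitHub:
    """Constructed in-memory stand-in for the issues API, just enough to exercise the gate."""
    def __init__(self) -> None:
        self.issues: Dict[int, dict] = {}
        self.comments: List[dict] = []

    def send(self, method: str, path: str, body: Optional[dict]) -> dict:
        parts = path.strip("/").split("/")  # repos/{owner}/{repo}/issues[/{number}[/comments]]
        if method == "GET":
            return list(self.issues.values())
        if method == "POST" and parts[-1] == "issues":
            number = len(self.issues) + 1
            self.issues[number] = {"number": number, "state": "open", **(body or {})}
            return self.issues[number]
        if method == "PATCH":
            number = int(parts[-1])
            self.issues[number].update(body or {})
            return self.issues[number]
        if method == "POST" and parts[-1] == "comments":
            entry = {"issue": int(parts[-2]), **(body or {})}
            self.comments.append(entry)
            return entry
        raise ValueError(f"unsupported {method} {path}")


def demo(approve: bool) -> dict:
    """Run list -> create -> close -> comment through the gate with a confirm callback
    that records every preview it was shown and answers `approve`."""
    api = FakeGitHub()
    shown: List[str] = []

    def confirm(preview: str) -> bool:
        shown.append(preview)
        return approve

    gate = IssueGate("octo-org", "widgets", api.send, confirm)  # assumed owner/repo
    gate.list_issues()  # reads pass without a prompt
    blocked = 0
    try:
        issue = gate.create_issue("Flaky test in CI", "Constructed example issue body")
        gate.update_issue(issue["number"], state="closed")
        gate.comment(issue["number"], "Closing: fixed by the retry change.")
    except MutationBlocked:
        blocked += 1
    return {"prompts": len(shown), "blocked": blocked, "issues": len(api.issues),
            "comments": len(api.comments), "audit": gate.audit,
            "state": api.issues[1]["state"] if api.issues else None}


if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

The preview handed to `confirm` is the serialised request body, so what the user approves is exactly what goes on the wire; a summary rendered separately from the payload would let the two drift apart.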
Private repository information may remain in temporary files after the chat unless it is cleaned up.
The skill may temporarily store private repo metadata, issue content, commit details, or file snippets on local disk for reuse during the session.
> Record the raw JSON responses ... save to `/tmp/commits.json` ... Cache what you read per session ... under `/tmp/github-chat-ops/<repo>/...`
Clean up `/tmp` cache files after each session, avoid caching unnecessary private content, and ensure local temporary files are not synced or shared.
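A session-scoped cache makes that cleanup automatic rather than a step someone has to remember. The Python below is an added example for this review, not the skill's own code: it creates a private directory for one session, writes only owner-readable files, strips fields the task does not need before anything touches disk, and removes the directory on exit even when the session ends in an exception. The directory prefix, file name and the commit records are constructed for illustration.

```python
"""Session-scoped cache for GitHub responses that must not outlive the chat session.

Added example for this review; not code from the skill or from ClawScan. The prefix,
file name and sample commit records below are constructed for illustration.
"""
import json
import os
import shutil
import stat
import tempfile
from pathlib import Path
from typing import Any, Iterable, Optional


class SessionCache:
    """Private (0700) directory created on enter, 0600 files inside, everything removed on exit.
    Wrap one chat session in `with SessionCache() as cache: ...`."""

    def __init__(self, base_dir: Optional[str] = None, prefix: str = "github-chat-ops-") -> None:
        self.base_dir = base_dir or tempfile.gettempdir()
        self.prefix = prefix
        self.path: Optional[Path] = None

    def __enter__(self) -> "SessionCache":
        # mkdtemp creates the directory with mode 0700 and an unpredictable name.
        self.path = Path(tempfile.mkdtemp(prefix=self.prefix, dir=self.base_dir))
        return self

    def __exit__(self, exc_type, exc, tb) -> bool:
        shutil.rmtree(self.path)  # a failed cleanup should be loud, so errors are not ignored
        self.path = None
        return False  # never swallow the session's own exception

    def _target(self, name: str) -> Path:
        if self.path is None:
            raise RuntimeError("cache used outside its session")
        if not name or name in (".", "..") or "/" in name or "\\" in name:
            raise ValueError(f"unsafe cache name: {name!r}")
        return self.path / name

    def put(self, name: str, obj: Any, keep: Optional[Iterable[str]] = None) -> Path:
        """Store obj as JSON. `keep` names the only top-level keys worth caching (applied to a
        dict, or to each dict in a list) so fields the task does not need never reach disk."""
        if keep is not None:
            obj = project(obj, set(keep))
        target = self._target(name)
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(obj, f)
        return target

    def get(self, name: str) -> Any:
        with open(self._target(name)) as f:
            return json.load(f)


def project(obj: Any, keep: set) -> Any:
    """Keep only the listed keys of a dict, or of each dict in a list; other values pass through."""
    if isinstance(obj, dict):
        return {k: v for k, v in obj.items() if k in keep}
    if isinstance(obj, list):
        return [project(item, keep) for item in obj]
    return obj


def file_mode(path) -> str:
    return oct(stat.S_IMODE(os.stat(path).st_mode))


def demo() -> dict:
    """One session: cache a trimmed commit list, read it back, confirm the directory is gone after."""
    # Constructed records shaped like GET /repos/{owner}/{repo}/commits output; the author
    # e-mail is exactly the kind of field a commit summary does not need on disk.
    commits = [
        {"sha": "a1b2c3d", "commit": {"message": "Fix retry loop"},
         "author": {"login": "alice", "email": "alice@example.com"}},
        {"sha": "d4e5f6a", "commit": {"message": "Bump deps"},
         "author": {"login": "bob", "email": "bob@example.com"}},
    ]
    result = {}
    with SessionCache() as cache:
        path = cache.put("commits.json", commits, keep={"sha", "commit"})
        result["dir_mode"] = file_mode(cache.path)
        result["file_mode"] = file_mode(path)
        result["cached"] = cache.get("commits.json")
        session_dir = cache.path
    result["exists_after"] = session_dir.exists()
    return result


if __name__ == "__main__":
    print(demo())
```

Because the cache directory lives only for the duration of the `with` block, nothing is left for a backup agent or a synced folder to pick up afterwards; if the assistant needs the data in a later session it must fetch it again with a token that is still valid for that session.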
