God's eye view of your dev repos. Multi-project tracking across GitHub/Azure DevOps. AI learns from your commits to upgrade your agents.md.

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-aligned for repo dashboards and agent-instruction analysis, but it uses your GitHub CLI access and keeps cached repo data locally.

This looks reasonable for a developer repo-dashboard skill. Before installing, verify the source, be comfortable with it using your gh login to read configured repositories, and remember that cached project data is stored locally in ~/.god-mode.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If your GitHub CLI can access private repositories, this skill can read selected repo activity when configured or invoked.

Why it was flagged

The skill reads GitHub repository activity through the user's authenticated gh CLI session. This is expected for the stated repo-dashboard purpose, but it inherits whatever repository access the user's gh login has.

Skill content

gh api "repos/$repo/commits?per_page=100" --paginate ...; gh pr list --repo "$repo" ...; gh issue list --repo "$repo" ...

Recommendation

Use it only with GitHub accounts and token scopes you are comfortable exposing to local repo-analysis tooling.

What this means

Someone with access to your machine could inspect the local god-mode database and see cached repo activity or agent-instruction content.

Why it was flagged

The local SQLite cache stores commit metadata, author emails, agent instruction file contents, and analysis results. This is disclosed and purpose-aligned, but it creates a persistent local copy of potentially sensitive project context.

Skill content

commits (... author_email TEXT, message TEXT ...); agent_files (... content TEXT ...); analyses (... result TEXT ...)

Recommendation

Protect or periodically remove ~/.god-mode/cache.db if it contains sensitive repository information.

What this means

It may be harder to verify exactly where the runnable scripts came from or how they are meant to be installed.

Why it was flagged

The registry provenance and OpenClaw install path are not fully declared, even though the README references a GitHub repository and manual PATH setup.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Verify the repository/source before manually installing or adding its scripts to your PATH.

What this means

Unusual or malicious project names could break local god-mode database state.

Why it was flagged

Some SQLite queries interpolate project/search values directly into SQL. In normal use this only affects the local cache, but malformed project identifiers could corrupt or manipulate cached data.

Skill content

db_query "SELECT * FROM projects WHERE id = '$search' OR name LIKE '%$search%' OR id LIKE '%$search%' LIMIT 1"

Recommendation

Use normal provider:owner/repo identifiers, and the maintainer should validate inputs or use parameterized SQLite handling.