OSS Contributor
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is openly designed to use your GitHub token to make public open-source contributions, but its no-prompt auto mode and broad GitHub authority warrant careful review.
Install only if you are comfortable letting an agent act through your GitHub account. Start with --dry-run, avoid headless --auto/--yes until you have repo allowlists and daily limits, use a tightly scoped GitHub token, and review the full untruncated skill instructions before enabling it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. It could create public GitHub activity under your account, including forks and PRs, without reviewing each change first.
The skill can run GitHub issue-fixing and PR-opening workflows without confirmation when auto/yes modes are used.
Evidence: "--auto | false | Headless mode for heartbeat/cron (no confirmation prompts)" ... "If `--auto` or `--yes`: proceed with all issues automatically."
Recommendation: Use --dry-run first, avoid --auto/--yes unless you have tight repo and daily limits, and require review of diffs before any PR is opened.

2. A broadly scoped GitHub token could allow more account or repository actions than intended if the agent follows these instructions too broadly.
The skill uses the user's GitHub token and identity for account actions, but the visible artifact does not specify least-privilege token scopes or clear boundaries.
Evidence: "GH_TOKEN is already in the environment" and "Authorization: Bearer $GH_TOKEN"; the description says it "opens PRs on your behalf."
Recommendation: Use a fine-grained GitHub token limited to the minimum needed repositories and actions, revoke it after testing, and do not provide org/admin scopes.

3. Local history of repositories and attempted issues may remain on disk and influence later automated decisions.
The skill stores persistent activity and issue-attempt history that can affect future runs.
Evidence: ACTIVITY_FILE="$HOME/clawd/memory/oss-activity.json" and HISTORY_FILE="$HOME/clawd/memory/oss-history.json"
Recommendation: Review and clear these memory files when needed, and avoid storing sensitive/private repository activity there.

4. The workflow may fail or prompt the agent/user to install an undeclared dependency.
The artifact documents use of jq without declaring it as a required binary.
Evidence: metadata requires bins ["curl", "git"], but the username command uses "| jq -r '.login'".
Recommendation: Declare jq as a required binary or replace that step with a curl-only parsing approach.

5. If enabled, PR or repository notification details could be sent to an external Telegram channel.
The skill exposes an optional external notification path, including a specific Telegram channel example, though the visible artifact says the default is none.
Evidence: Usage includes "--notify-channel -1002381931352" and the flag table describes "Telegram channel for PR notifications".
Recommendation: Only configure a notification channel you control, and omit this option if you do not want external notifications.
