ClawHub

Github

v1.0.0

Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.

0· 167·0 current·0 all-time
by@keyserkazi1·duplicate of @makforce/github-1-0-0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: all commands are gh CLI usages for issues, PRs, and runs. Minor metadata inconsistency: registry metadata lists slug "github-100" and ownerId kn71x... while _meta.json contains slug "github" and a different ownerId (kn70p...). This is likely a publishing/packaging mismatch but worth checking the source/origin before trusting.
Instruction Scope
SKILL.md only instructs use of gh commands (gh pr, gh run, gh issue, gh api, --repo, --json/--jq). It does not ask the agent to read unrelated files, access unrelated env vars, or transmit data to external endpoints outside normal GitHub API usage.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes risk because nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required env vars, which is reasonable for a gh CLI helper because gh relies on existing user authentication (gh auth, GH_TOKEN, etc.). However the skill will implicitly use whatever GitHub credentials are available to the agent/environment; verify the scope and permissions of those credentials before allowing the skill to run.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. It does not request persistent installation or modify other skills/configurations.
Assessment
This skill is an instructions-only wrapper for the gh CLI and appears coherent. Before installing: (1) confirm the skill source/origin because _meta.json owner/slug differ from registry metadata; (2) ensure the agent environment has the gh CLI installed and authenticated as you expect — the skill will use whatever GitHub credentials (gh auth or GH_TOKEN) are present, so verify those tokens' scopes to avoid unintended write/destructive actions; (3) if you do not trust the agent to act on your behalf, avoid enabling autonomous invocation or limit the agent's access to GitHub credentials. If any of these points are unclear, request the publisher clarify the metadata and provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk9789p4hc4bqfv3g8xbf3jgras830skt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments