v1.0.0

Github

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:25 AM.

Analysis

This is a straightforward GitHub CLI helper, but it can act through the user’s existing GitHub login and a broad API command without clearly declared credential or scope limits.

Guidance: Review before installing if your `gh` CLI is logged into a GitHub account with private repository or organization access. Use a dedicated limited-scope token/profile for agent use and require confirmation before any command that changes issues, PRs, workflow runs, repository settings, or calls write-capable API endpoints.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
The `gh api` command is useful for accessing data not available through other subcommands.

`gh api` is a broad escape-hatch interface to GitHub’s API. The examples are read-only, but the skill does not state limits such as only using GET requests or requiring user approval for write-capable endpoints.

User impact: A poorly chosen command could reach unintended repositories or endpoints under the user’s GitHub permissions.
Recommendation: Prefer high-level `gh` subcommands for routine tasks, use explicit `--repo owner/repo`, and require user approval for `gh api` calls that use POST, PATCH, PUT, or DELETE.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

The skill depends on the external `gh` CLI, but the package metadata does not declare or install that binary. Users must rely on their local CLI installation and authentication state.

User impact: The skill may fail if `gh` is missing, or it may use whatever `gh` binary and account configuration are already present on the system.
Recommendation: Install `gh` from a trusted source, verify which account is logged in with `gh auth status`, and consider declaring `gh` as a required binary in the skill metadata.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
Use the `gh` CLI to interact with GitHub.

The GitHub CLI commonly acts through the user’s existing local GitHub authentication. The supplied requirements declare no primary credential, env vars, or config paths, so the account authority used by the agent is implicit rather than clearly scoped.

User impact: The agent may be able to read private repository data, CI logs, issues, and PRs, and may be able to perform GitHub actions allowed by the user’s current `gh` login.
Recommendation: Use a least-privilege GitHub token or a separate `gh` profile for agent work, specify the target repository, and require explicit confirmation before any write, merge, rerun, cancel, or API mutation.