GitHub Workflow
PassAudited by ClawScan on May 9, 2026.
Overview
This instruction-only GitHub workflow skill is coherent and not malicious, but it uses GitHub account access and can guide repository-changing actions that users should explicitly approve.
Install this if you want an agent to enforce a structured GitHub workflow. Before use, verify the active GitHub account, use limited token scopes, require explicit approval for every repository-changing action, and keep secrets out of work logs and command output.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may apply GitHub workflow steps such as branching, logs, issues, and PRs even for simple project work.
The skill broadly changes how the agent should handle code/project work. This is disclosed and aligned with a workflow skill, but users should notice the scope.
These are mandatory behavioral rules. Follow them in every situation involving code, projects, or tasks.
Use the skill when you want this workflow, and explicitly tell the agent to skip or narrow the process when a task does not need it.
If approved, the agent could change repository state, merge code, publish releases, set secrets, or modify branch protections.
The skill documents repository-changing GitHub CLI operations. The global confirmation rule is a mitigating control, and these operations fit the GitHub workflow purpose.
Read-only lookup. All write operations require explicit user confirmation ... Merge (squash) `gh pr merge ...`; Create release `gh release create ...`; Set secret `gh secret set KEY ...`; Branch protect `gh api --method PUT ...`
Confirm every write action, especially PR reviews/comments, merges, releases, secrets, workflow changes, branch protection changes, repo deletion, and other irreversible operations.
The agent may act with the permissions of the authenticated GitHub account or token.
The skill depends on delegated GitHub identity or token access. This is expected for managing GitHub repositories, and the artifacts also say not to print or log tokens.
Auth: `gh auth login --web` or `GITHUB_TOKEN` env var
Use the least-privileged GitHub account/token possible, verify the active gh account before actions, and avoid broad organization/admin scopes unless needed.
The skill may fail or act under an unexpected local GitHub configuration if gh/git are missing or authenticated to the wrong account.
The skill relies on local external CLIs, while the registry metadata lists no required binaries. This is expected for a GitHub workflow skill, but it means behavior depends on the user's installed gh/git tools and configuration.
All operations via `gh` CLI ... `git checkout develop && git pull`
Install gh/git from trusted sources and check `gh auth status` and the target repo before allowing changes.
Project details written into work logs may persist across sessions and could be committed or reused later if not reviewed.
The skill uses persistent work logs for task state and session continuity. This is disclosed and purpose-aligned, but persistent notes can retain sensitive project details or influence later sessions.
Work log is not optional — it is part of every task from start to finish.
Keep secrets and private credentials out of work logs, review them before committing, and delete or redact unnecessary sensitive content.