Github Reader
Advisory
Audited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When you ask it to analyze a repository, the repository identifier may be used with GitHub and Zread rather than staying entirely local.
The skill discloses use of a third-party analysis service, and other artifacts describe GitHub API and browser/web_fetch use. This is expected for repository analysis, but users should know external services are involved.
Zread is a third-party in-depth code interpretation service (optional) / Zread is a third-party code analysis service (optional)
Use it primarily for public repositories, and avoid submitting private repository names or sensitive project details unless you are comfortable with the external services involved.
Running the installer modifies your local OpenClaw skills directory and creates a local cache directory.
Installation uses a shell script to copy Python code into the OpenClaw skills directory and set up cache storage. This is a normal user-directed install flow, not automatic hidden execution.
SKILL_DIR="${GITVIEW_SKILL_DIR:-$HOME/.openclaw/skills/github-reader}" ... cp "$SOURCE_DIR/github_reader_v3_secure.py" "$SKILL_DIR/"
Run the installer only from a trusted copy of the package, and review the script first if you use a custom GITVIEW_SKILL_DIR.
Repository analysis results may remain on disk until the cache expires or is cleared.
The skill stores analysis results in a local filesystem cache with a configurable directory and TTL. This is disclosed and purpose-aligned, but it creates persistent local data.
CACHE_DIR = os.getenv('GITVIEW_CACHE_DIR', '/tmp/gitview_cache')
Clear /tmp/gitview_cache or reduce the cache TTL if you analyze sensitive or private repositories.
If you configure a GitHub token, the skill may receive whatever repository access that token grants.
The release notes mention optional GitHub token configuration, while the registry metadata declares no primary credential. There is no evidence of token leakage or misuse in the visible artifacts, but credential scope should be explicit.
GitHub API rate limiting - unauthenticated requests are limited to 60 per hour ... workaround: configure the `GITHUB_TOKEN` environment variable
Use a minimally scoped read-only token if needed, and avoid broad private-repository permissions unless the skill clearly documents and requires them.
This review cannot fully confirm behavior in the unseen portion of the main Python file.
The supplied main runtime file is truncated in the review artifact, so the tail of the executable source cannot be verified here. The visible code is coherent with the stated purpose and the static scan is clean.
...[truncated]
Install from the official ClawHub package or repository and request/inspect the full untruncated source if you need higher assurance.
