Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fleet PR Agent

v1.1.0

Multi-repo PR monitoring and triage agent. Scans GitHub repos for open PRs, prioritizes by staleness/review status/CI state, and generates a structured Markd...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared purpose (scanning GitHub PRs, scoring them, producing Markdown) matches the code: both the Python and the shell script call the gh CLI and build reports. However, SKILL.md claims "pure Python stdlib + gh" and portability across platforms, while the shipped shell script additionally requires jq and uses date flags that differ between GNU date (Linux) and BSD date (macOS). SKILL.md also claims Python 3.6+, but triage.py uses subprocess.run(capture_output=True), and the capture_output argument was only added in Python 3.7.
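The portability findings above are avoidable in the Python variant. The following is an added example, not the skill's own triage.py, of a PR scorer that stays within the standard library, runs on Python 3.6 (stdout=PIPE instead of capture_output, strptime instead of fromisoformat) and computes staleness from the ISO timestamps gh returns rather than shelling out to date. The JSON field names are those of gh pr list --json; the scoring weights, the CI-state mapping and the sample PR data are constructed for illustration.

```python
"""
Added example (not the skill's own triage.py): pure-stdlib PR triage that
runs on Python 3.6 and needs neither jq nor platform-specific date flags.
Field names follow `gh pr list --json ...`; scoring weights are constructed.
"""
import json
import subprocess
import sys
from datetime import datetime, timezone

GH_FIELDS = "number,title,updatedAt,reviewDecision,isDraft,statusCheckRollup"


def run_gh(args):
    """Run gh and return stdout. Uses stdout=/stderr=PIPE instead of
    capture_output=True, so it works on 3.6 (capture_output is 3.7+)."""
    proc = subprocess.run(["gh"] + list(args), stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, universal_newlines=True)
    if proc.returncode != 0:
        raise RuntimeError("gh failed: " + proc.stderr.strip())
    return proc.stdout


def parse_gh_time(value):
    """Parse the ISO-8601 UTC timestamps gh emits (assumed form
    2024-05-01T12:34:56Z) with strptime, which predates
    datetime.fromisoformat (3.7+) and avoids `date -d` (GNU) / `date -j` (BSD)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def ci_state(pr):
    """Collapse statusCheckRollup into one of: failing, pending, passing, none."""
    checks = pr.get("statusCheckRollup") or []
    if not checks:
        return "none"
    states = {(c.get("conclusion") or c.get("state") or "").upper() for c in checks}
    if states & {"FAILURE", "ERROR", "TIMED_OUT", "CANCELLED"}:
        return "failing"
    if states & {"PENDING", "IN_PROGRESS", "QUEUED", "EXPECTED", ""}:
        return "pending"
    return "passing"


def score_pr(pr, now):
    """Higher score = more urgent. Weights are constructed for illustration."""
    age_days = (now - parse_gh_time(pr["updatedAt"])).days
    score = min(age_days, 30)                      # staleness, capped at 30 days
    if pr.get("reviewDecision") == "REVIEW_REQUIRED":
        score += 10
    elif pr.get("reviewDecision") == "CHANGES_REQUESTED":
        score += 5
    score += {"failing": 8, "pending": 2}.get(ci_state(pr), 0)
    if pr.get("isDraft"):
        score -= 15                                # drafts sink to the bottom
    return score


def triage(pr_json, now=None):
    """Return (score, number, title) tuples, most urgent first."""
    now = now or datetime.now(timezone.utc)
    prs = json.loads(pr_json)
    return sorted(((score_pr(p, now), p["number"], p["title"]) for p in prs), reverse=True)


def report(rows):
    """Render the triage rows as a Markdown table."""
    lines = ["| score | PR | title |", "|---|---|---|"]
    lines += ["| {} | #{} | {} |".format(s, n, t) for s, n, t in rows]
    return "\n".join(lines)


# Constructed sample standing in for `gh pr list --repo OWNER/REPO --json ...`
SAMPLE = json.dumps([
    {"number": 41, "title": "Fix auth bypass", "updatedAt": "2024-04-01T00:00:00Z",
     "reviewDecision": "REVIEW_REQUIRED", "isDraft": False,
     "statusCheckRollup": [{"conclusion": "FAILURE"}]},
    {"number": 42, "title": "WIP refactor", "updatedAt": "2024-04-20T00:00:00Z",
     "reviewDecision": None, "isDraft": True, "statusCheckRollup": []},
    {"number": 43, "title": "Bump deps", "updatedAt": "2024-04-28T00:00:00Z",
     "reviewDecision": "APPROVED", "isDraft": False,
     "statusCheckRollup": [{"conclusion": "SUCCESS"}]},
])

if __name__ == "__main__":
    # With a repo argument the live gh CLI is used; otherwise the constructed sample.
    src = run_gh(["pr", "list", "--repo", sys.argv[1], "--json", GH_FIELDS]) if len(sys.argv) > 1 else SAMPLE
    print(report(triage(src)))
```

Because the date arithmetic happens in datetime rather than in a subprocess, the same file behaves identically on Linux and macOS, which is the portability SKILL.md promises but the shell variant does not deliver.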
Instruction Scope
Runtime instructions and the scripts only fetch PR data via the gh CLI and format reports (no hidden network endpoints, no file exfiltration beyond writing the optional output file). Nothing in SKILL.md or the scripts instructs reading unrelated local files or transmitting data to third-party endpoints beyond GitHub via gh.
Install Mechanism
There is no install spec (instruction-only), so nothing will be downloaded at install time. But the package includes two runnable scripts; the presence of a shell script with additional runtime dependencies (jq, specific date behavior) means the runtime environment must provide more than the SKILL.md declares.
Credentials
The skill implicitly requires an authenticated gh CLI (and therefore a GitHub token) but declares neither a required credential nor a primaryEnv. That token grants access to every repository the user scans and should be treated as sensitive; SKILL.md should state the required token scopes explicitly. The shell script also depends on jq, which is undeclared. The optional environment variables used for configuration are fine, but the undeclared GitHub credential and the undeclared jq dependency fall short of the transparency expected of a skill that runs with the user's credentials.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide settings. It only runs ad-hoc scanning when invoked.
What to consider before installing
This skill appears to implement PR triage as described, but there are practical inconsistencies you should address before installing or running it:
1) The scripts require an authenticated gh CLI (a GitHub token). Treat that token as sensitive and prefer a token with minimal scopes; the skill does not declare this requirement explicitly.
2) SKILL.md claims only Python stdlib + gh and Python 3.6+, but triage.py uses capture_output (Python 3.7+), and the included triage.sh requires jq (not listed) and uses date flags that may not work on all platforms.
3) Decide which script you will run (Python or shell) and make sure your environment meets its real requirements: Python >= 3.7 for triage.py; gh, jq and a compatible date for triage.sh.
4) Review the scripts yourself, or run them first in a limited test environment (a non-production account, or a token restricted to a few repositories).
5) If you plan to let an autonomous agent invoke this skill, be aware that the agent will be able to run gh commands with whatever gh authentication is present; restrict token scopes accordingly.
If the publisher can be contacted, ask them to update SKILL.md to list jq and the exact Python version requirement, and to document explicitly the need for an authenticated GitHub token and the recommended minimal scopes.
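As an added example (not the skill's code) covering items 1 to 3 above and the Credentials finding, this preflight script checks the real runtime requirements and inspects the scopes of the gh token an agent would inherit before the skill is pointed at real repositories. The parsing of gh auth status output, the treatment of which stream gh prints it on, and the list of scopes flagged as too broad for read-only PR triage are assumptions; the sample status text is constructed.

```python
"""
Added example (not part of the skill): preflight checks for the findings in
this report. The `gh auth status` output format parsed here is an assumption
based on current gh releases; BROAD_SCOPES is a constructed ranking.
"""
import re
import shutil
import subprocess
import sys

# Classic-PAT scopes far broader than read-only PR triage needs (constructed list).
BROAD_SCOPES = {
    "repo": "full read/write on all private repos (pushes, settings, secrets via API)",
    "workflow": "can modify GitHub Actions workflow files",
    "admin:org": "organization administration",
    "delete_repo": "can delete repositories",
    "write:packages": "can publish packages",
}
SCOPE_LINE = re.compile(r"Token scopes:\s*(.*)")


def python_ok(version_info=sys.version_info, required=(3, 7)):
    """triage.py needs capture_output, added in 3.7; SKILL.md's '3.6+' is wrong."""
    return tuple(version_info[:2]) >= required


def missing_tools(script="triage.sh"):
    """jq is only needed by the shell variant; gh is needed by both."""
    needed = ["gh"] + (["jq"] if script.endswith(".sh") else [])
    return [t for t in needed if shutil.which(t) is None]


def parse_scopes(auth_status_text):
    """Extract the quoted scope list from `gh auth status` output (format assumed).
    Fine-grained tokens print no classic scope list, so an empty set is possible."""
    m = SCOPE_LINE.search(auth_status_text)
    if not m:
        return set()
    return {s.strip().strip("'\"") for s in m.group(1).split(",") if s.strip()}


def broad_scopes(scopes):
    """Return {scope: why it is too broad} for scopes a PR triage agent should not hold."""
    return {s: BROAD_SCOPES[s] for s in scopes if s in BROAD_SCOPES}


def current_scopes():
    """Live probe. Both streams are read because gh releases have differed on
    whether auth status goes to stdout or stderr (assumption)."""
    proc = subprocess.run(["gh", "auth", "status"], stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, universal_newlines=True)
    return parse_scopes(proc.stdout + proc.stderr)


# Constructed sample of what a classic-PAT login prints.
SAMPLE_STATUS = """github.com
  ✓ Logged in to github.com account octocat (keyring)
  - Active account: true
  - Git operations protocol: https
  - Token: gho_************************************
  - Token scopes: 'gist', 'read:org', 'repo', 'workflow'
"""

if __name__ == "__main__":
    problems = []
    if not python_ok():
        problems.append("python >= 3.7 required for triage.py")
    problems += ["missing tool: " + t for t in missing_tools()]
    scopes = current_scopes() if shutil.which("gh") else parse_scopes(SAMPLE_STATUS)
    for scope, why in broad_scopes(scopes).items():
        problems.append("token scope '{}' is broader than needed: {}".format(scope, why))
    print("\n".join(problems) or "preflight OK")
    sys.exit(1 if problems else 0)
```

Run it on the machine (or in the agent's sandbox) where the skill will execute; a non-zero exit means either the undeclared dependencies are absent or the inherited token carries scopes that a read-only triage task cannot justify.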


Tags: github, latest, monitoring, pr
