Skill v0.1.5
ClawScan security
Git Team Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 7:48 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (role-based GitOps) aligns with its instructions and included templates; there are minor ambiguities about where platform tokens come from and the provenance of the package, but nothing in the bundle contradicts the stated purpose.
- Guidance: This skill appears coherent for managing junior/senior GitOps workflows and only includes repo templates and operational instructions. Before installing:
  1. Verify you trust the LaunchThatBot control plane referenced in SKILL.md (confirm homepage, documentation, and where the managed onboarding tokens are minted).
  2. Prefer BYO GitHub App mode if you cannot fully trust a third-party platform to mint tokens; review required app permissions and Installation ID.
  3. Review the workflow templates and CODEOWNERS before copying them into production repositories to ensure they meet your security policy.
  4. Confirm that the runtime will not persist onboarding tokens and that tokens are short-lived and scoped to least privilege.
  5. If provenance matters, ask for the package's authoritative source (git URL, publisher identity), because the registry metadata shows 'Source: unknown' and the repository URL in package.json should be validated.
  If you learn the package is hosted on an untrusted or unknown server, or if the SKILL.md is updated to reference external URLs/personal servers for installs or token exchange, reassess (that would raise this to suspicious).
Review Dimensions
- Purpose & Capability (ok): Name/description (role-based junior/senior GitOps) match the instructions and included templates (workflows, CODEOWNERS). The SKILL.md explicitly describes how the skill will authenticate (managed-app / BYO app / PAT) and the operations each role may perform. Requiring no binaries, env vars, or install steps is consistent with an instruction-only skill that relies on the OpenClaw/LaunchThatBot control plane.
- Instruction Scope (note): Instructions stay within GitOps scope: validating repo access, creating branches, copying templates, opening PRs, and requiring senior approval. A minor ambiguity: SKILL.md references platform endpoints (POST /github/install/start, etc.) without a full base URL; this assumes the OpenClaw/LaunchThatBot runtime provides those endpoints. The instructions explicitly call out not to persist onboarding tokens and to treat them as sensitive, which is appropriate.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code execution. Files are templates and documentation; there is no download/install step that writes or executes arbitrary archives on disk. This is the lowest-risk install profile.
- Credentials (note): The package declares no required env vars or primary credential, which at first glance might seem odd for a GitHub-operating skill. However, the SKILL.md explains a managed-app authentication flow where the platform mints short-lived onboarding tokens; BYO App/PAT options are described as alternatives. Because credentials are supplied by the controlling platform at runtime rather than embedded in the skill, the lack of declared env vars is explainable but worth verifying in your runtime environment.
- Persistence & Privilege (ok): Flags are default (always: false, model invocation allowed). The skill does not request permanent presence, does not modify other skills' configurations, and does not require system-wide settings. Its behavior is scoped to repository operations and onboarding flows described in SKILL.md.
