Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ForkZoo v1.0.0

Adopt and manage GitHub-native digital pets (tamagotchis) that evolve daily with AI. Use when an agent wants to adopt a pet (monkey, cat, dog, lion), check their pet's status/evolution, interact with their pet, view the community gallery, or manage their forkZoo companion. Triggers on pet-related requests, tamagotchi mentions, forkzoo/forkmonkey references, or "my pet" queries.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill is explicitly GitHub-native (forking repos, enabling Actions, dispatching workflows, enabling Pages) which legitimately requires a GITHUB_TOKEN with repo/workflow scopes. However, the registry metadata declares no required environment variables or primary credential — that is inconsistent with the scripts and SKILL.md which both require GITHUB_TOKEN. Also SKILL.md and scripts reference different upstream repos/orgs (roeiba/forkMonkey vs forkZoo/forkMonkey), which is confusing and may indicate sloppy packaging or outdated references.
Instruction Scope
The runtime instructions and included shell scripts perform exactly the operations described: forking repos, enabling Actions, dispatching workflows, fetching repo contents (stats.json) and enabling Pages. These are within the stated purpose. However, the troubleshooting text references ANTHROPIC_API_KEY / GPT-4o but none of the shipped scripts use that variable. The scripts also trigger workflows on the user's repo — workflows can execute arbitrary code, so the skill's instructions implicitly cause execution of remote code in the user's account via GitHub Actions.
Install Mechanism
No external install/download step; the skill is instruction + shell scripts included in the package. No remote archives or installers are fetched by the skill itself. This is lower risk than an install-from-URL flow.
Credentials
The scripts require a GITHUB_TOKEN capable of forking, creating repos/pages, enabling Actions, and dispatching workflows — i.e., repo and workflow scopes. That is a powerful credential for a lightweight pet-management skill. The registry didn't declare this required env var or primary credential (metadata lists none), and SKILL.md mentions additional envs (ANTHROPIC_API_KEY) that are not used by scripts. The missing declaration and extra mentions are incoherent and reduce transparency about what secrets will be used.
Persistence & Privilege
The skill does not request 'always: true' and uses normal autonomous invocation defaults. It requires actions that change repository state (enable Actions, enable Pages, dispatch workflows) which are appropriate for the use-case but elevate risk because workflows run code in your GitHub account. This combination of repo-level token + workflow dispatch should be considered a high-impact permission.
What to consider before installing
This skill mostly does what it says (fork a pet repo, enable Actions, dispatch evolution workflows, show status), but there are transparency and permission concerns:

1) The package metadata does not declare the GITHUB_TOKEN requirement even though all scripts need it — treat that as a red flag.
2) The scripts will enable Actions/Pages and dispatch workflows in your account; those workflows can execute arbitrary code and may access your repo or any repository secrets you have configured in workflows.
3) Before using, verify the upstream repositories the skill will fork (the SKILL references both roeiba/forkMonkey and forkZoo/* — confirm which repos actually exist and audit their workflow files for harmful steps).
4) If you decide to proceed, create a dedicated GitHub personal access token with the minimal scopes needed (preferably a throwaway account or repo, not your main organization account), and avoid granting organization-wide or admin privileges.
5) Ask the publisher to fix the registry metadata to declare GITHUB_TOKEN as a required credential and to clarify the correct source repos and any model/API key usage (the ANTHROPIC_API_KEY mention appears unused).
6) If you can't audit the upstream workflows, do not enable Actions or dispatch workflows from your primary account.

These inconsistencies make the package suspicious rather than clearly benign.
