github-search
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: github-search
Version: 1.0.0

The skill is classified as suspicious due to its reliance on `child_process.execSync` in `scripts/github-search.mjs` and `scripts/repo-detail.mjs` to execute `curl` commands for GitHub API interactions. While the URL and header arguments appear to be correctly quoted to prevent trivial shell injection from user input, using `execSync` for external network calls is an inherently riskier practice than employing dedicated HTTP client libraries, potentially introducing vulnerabilities if quoting or input sanitization were to fail under specific conditions. No evidence of intentional malicious behavior, such as data exfiltration to unauthorized endpoints or backdoor installation, was found; the `GITHUB_TOKEN` usage is for legitimate API authentication.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or untrusted search option could cause the agent to run local shell commands under the user's account.
The query is URL-encoded, but sort and order are command-line values inserted into a shell command. Crafted values can break quoting or trigger shell substitution before curl runs.
options.sort = args[++i]; ... const url = `${GITHUB_API}?q=${encodeURIComponent(query)}&sort=${sort}&order=${order}&per_page=${perPage}`; ... execSync(cmd, ...)
Replace execSync/curl with fetch or an HTTPS library, or use execFile/spawn with an argument array. Whitelist sort/order values and encode every URL parameter.
A crafted repository name could make the script execute unintended local commands, potentially exposing local files or environment variables.
The repository name comes from the command line and is placed into a shell-executed curl command. The owner/repo split check does not sanitize shell metacharacters or command substitutions.
return args[0]; ... const url = `${GITHUB_API}/${repoFullName}`; ... const result = execSync(cmd, { encoding: 'utf-8', timeout: 30000 });
Validate repository names against GitHub's allowed owner/repo pattern, URL-encode path components, and avoid shell execution for HTTP requests.
If you run the skill with a GitHub token in the environment, that account credential is available to the script and could be at risk if command injection is exploited.
The script optionally reads a GitHub token and uses it for GitHub API authentication. This is disclosed and purpose-aligned, but it increases the impact of the shell-injection issue.
if (process.env.GITHUB_TOKEN) { headers.push(`-H "Authorization: token ${process.env.GITHUB_TOKEN}"`); }
Use a minimal-scope GitHub token, unset it when not needed, and avoid running this skill with untrusted arguments until the shell execution is fixed.
The documented batch workflow cannot be reviewed or run as supplied, and users might look for or create an unreviewed helper script.
The documentation references scripts/batch-detail.mjs, but the provided file manifest includes only README.md, SKILL.md, scripts/github-search.mjs, and scripts/repo-detail.mjs.
cat search-results.json | node scripts/batch-detail.mjs
Remove the missing helper reference or include the script for review before encouraging users or agents to run it.
