Skill v1.0.0
ClawScan security
GitHub Issue Finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 5:24 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and included script assume the GitHub CLI and local repo access (and thus use stored GitHub credentials), but the skill metadata does not declare required binaries or credentials—this mismatch should be resolved before trusting or installing it.
- Guidance: Before installing or running:
  1. Review the included scripts (scripts/analyze_issues.py) yourself—they call subprocesses (gh) and operate on local files.
  2. Understand that the skill expects the GitHub CLI (gh) and likely git to be installed and authenticated; the metadata does not declare these requirements—verify your gh authentication and consider using a least-privilege account or a disposable environment.
  3. Run the script in a controlled environment (container or VM) if you are unsure about source trust.
  4. If you plan to let the agent invoke this skill autonomously, be aware it will have the same access as your configured gh user (ability to read private repos accessible to that account).
  5. Ask the publisher to update metadata to declare required binaries (gh, git) and document credential usage so the security posture is clear.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and scripts rely heavily on the GitHub CLI (gh), git, and local repository files (clone, find, grep), which are appropriate for an issue-finder. However, the skill metadata declares no required binaries or primary credentials. A legitimate 'GitHub Issue Finder' would normally declare 'gh' (and possibly 'git') as required and note that it needs access to a configured GitHub CLI authentication/token. The missing declaration is an incoherence.
- Instruction Scope (note): Instructions stay within the stated purpose (searching issues, cloning repos, examining code, and generating reports). They do instruct the agent to run commands that access local filesystem paths (cd /path/to/repo, find, grep) and to call gh api endpoints. That is expected for this use case, but the SKILL.md also assumes the agent will run gh with valid authentication and does not document or restrict which repos/paths to access—users should be aware the skill will operate on local repos and any repositories accessible to the authenticated gh user.
- Install Mechanism (ok): This is an instruction-only skill with no install spec. No remote downloads or package installs are requested, which minimizes installation risk. The included Python script is small, readable, and shipped with the skill (no external install).
- Credentials (concern): The skill declares no required environment variables or primary credential, but runtime behavior depends on the GitHub CLI being present and authenticated (gh uses local credential storage or GITHUB_TOKEN). That implicit reliance on the user's GitHub credentials is not declared. The Python script invokes subprocesses (gh) and would use whatever GitHub identity is configured on the host—this is proportionate for the described purpose but should be declared explicitly so users understand credential access.
- Persistence & Privilege (ok): The skill does not request persistent inclusion (always:false) and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (default) but not combined with other red flags. The skill writes reports if asked via --output, which is expected behavior.
