Search recent repo activities

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

Repo names, organization names, date filters, and search text you provide may be included in requests to beta.nomit.dev.

Why it was flagged

The skill authorizes curl network requests to fetch Nom feed data. This is expected for the stated purpose, but users should recognize that query arguments are sent to an external service.

Skill content

allowed-tools: ["Bash(curl:*)"] ... Base URL: `https://beta.nomit.dev` ... Use curl to fetch the response.

Recommendation

Use it for public GitHub activity searches and avoid putting private or sensitive information into search terms.