Search Recent Github Activities
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill appears to do what it claims: fetch public GitHub activity from a disclosed Nom web endpoint, without local code, credentials, or persistence.
This skill looks safe for its stated purpose. Before installing, note that your chosen GitHub search parameters are fetched through the external Nom service at beta.nomit.dev, so avoid using sensitive or private query text.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your GitHub feed query terms, such as repository names, organizations, dates, and search text, may be sent to beta.nomit.dev.
The skill directs the agent to make external web requests using a fetch tool. This is disclosed, limited to the Nom feed workflow, and paired with input validation and URL encoding instructions.
allowed-tools: ["mcp_web_fetch"] ... Base URL: `https://beta.nomit.dev` ... Use mcp_web_fetch with the constructed URL.
Use it for public or non-sensitive GitHub activity searches, and avoid entering private search terms if you do not want them sent to the Nom service.