Search Recent Github Activities
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Note
High Confidence
ASI02: Tool Misuse and Exploitation
What this means
Your GitHub feed query terms, such as repository names, organizations, dates, and search text, may be sent to beta.nomit.dev.
Why it was flagged
The skill directs the agent to make external web requests using a fetch tool. This is disclosed, limited to the Nom feed workflow, and paired with input validation and URL encoding instructions.
Skill content
allowed-tools: ["mcp_web_fetch"] ... Base URL: `https://beta.nomit.dev` ... Use mcp_web_fetch with the constructed URL.
Recommendation
Use it for public or non-sensitive GitHub activity searches, and avoid entering private search terms if you do not want them sent to the Nom service.
