Search Recent Github Activities
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: nom Version: 1.0.1 The skill bundle is benign. It clearly defines its purpose as fetching GitHub activity from `beta.nomit.dev` and explicitly restricts the AI agent to use only the `mcp_web_fetch` tool, preventing shell execution. Furthermore, `SKILL.md` includes robust input validation rules for arguments and mandates proper URL encoding, mitigating potential injection vulnerabilities. There is no evidence of malicious intent such as data exfiltration, unauthorized command execution, or persistence mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your GitHub feed query terms, such as repository names, organizations, dates, and search text, may be sent to beta.nomit.dev.
The skill directs the agent to make external web requests using a fetch tool. This is disclosed, limited to the Nom feed workflow, and paired with input validation and URL encoding instructions.
allowed-tools: ["mcp_web_fetch"] ... Base URL: `https://beta.nomit.dev` ... Use mcp_web_fetch with the constructed URL.
Use it for public or non-sensitive GitHub activity searches, and avoid entering private search terms if you do not want them sent to the Nom service.