Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
myfirstgit
v1.0.0
Interact with GitHub via CLI to list repositories, issues, pull requests, and create new issues in your repositories.
by @m3159
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a simple GitHub-CLI wrapper (list repos, issues, PRs, create issues), which is coherent with the stated purpose. However, the package metadata (_meta.json and .clawhub/origin.json) uses slug/owner values of 'github' that do not match the registry metadata for this skill ('myfirstgit' / owner kn76...). This mismatch suggests the files were copied or edited carelessly, or that the package metadata was not updated, which is a provenance/integrity concern.
Instruction Scope
The instructions are narrowly scoped: they instruct use of the GitHub CLI ('gh') for the listed commands and do not ask the agent to read unrelated files or exfiltrate arbitrary data. However, the skill relies on the local 'gh' authentication and local configuration (e.g., ~/.config/gh, SSH keys, or stored tokens) without declaring or explaining how credentials will be used. That reliance on local credentials should be explicit.
Install Mechanism
This is an instruction-only skill with no install spec (lowest disk risk), which is reasonable for a simple wrapper. Still, SKILL.md lists dependencies (GitHub CLI, Node.js, Claw Hub) but the registry metadata does not declare required binaries; the mismatch should be corrected so users know what must be present.
Credentials
The skill requests no environment variables or credentials in the registry metadata, yet runtime use of 'gh' implicitly depends on and will use the user's local GitHub authentication (tokens/ssh). The absence of an explicit primary credential declaration (for example GITHUB_TOKEN) and no explanation of what will be read from local config is a proportionality / transparency concern.
Persistence & Privilege
always:false and no install steps mean the skill does not request permanent forced inclusion or write-to-disk behavior. There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill appears to be a thin wrapper around the GitHub CLI, which is a plausible purpose — but there are a few red flags you should consider before installing:
- Metadata mismatch: the embedded _meta.json and origin.json use a different slug/owner than the registry metadata for this skill. That can indicate a sloppy copy/paste or incorrect publishing. Verify the author and provenance before trusting the skill.
- Undeclared dependencies: SKILL.md says 'gh' (GitHub CLI) and Node.js are required, but the registry entry doesn't declare required binaries. Make sure 'gh' is installed and authenticated locally before use.
- Implicit credential use: the skill will rely on your local gh authentication (tokens or SSH keys stored on your system). If you install this skill, it can execute gh commands that act with your GitHub identity (create issues, list private repos, etc.). Only install if you trust the author and are comfortable with the agent using your local GitHub credentials.
If you want to proceed safely: ask the publisher to fix the metadata, explicitly declare required binaries and any environment variables, and/or modify the skill to require an explicit GITHUB_TOKEN (and document its scope). If you do not trust the author, avoid installing or restrict the skill from autonomous invocation.
Like a lobster shell, security has layers — review code before you run it.
