GitHub Projects Explorer

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it claims—search public GitHub repositories—with only an optional GitHub token setup that users should handle carefully.

This looks safe for public GitHub repository discovery. If you use GITHUB_TOKEN, create a minimal-scope token, do not grant write or private-repository permissions unless separately needed, and avoid storing it permanently in ~/.zshrc if temporary use is enough.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you configure a GitHub token, the skill can use that token for GitHub API requests, and storing it in ~/.zshrc keeps it available across future sessions.

Why it was flagged

The skill discloses optional GitHub credential use and recommends a persistent shell-profile configuration. This is coherent with GitHub API rate-limit handling, but it means a local credential may be available to the skill and other shell processes.

Skill content

Optionally uses GITHUB_TOKEN for higher API rate limits... echo 'export GITHUB_TOKEN="your-token"' >> ~/.zshrc

Recommendation

Use the least-privileged GitHub token possible, avoid unnecessary private-repository or write scopes, and consider session-only export instead of permanent shell-profile storage if you do not need persistence.

What this means

You have less external context for who maintains this skill or where to verify updates.

Why it was flagged

The registry metadata does not provide an upstream source or homepage. The included code is simple and purpose-aligned, but provenance is limited.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included script before installing updates, and prefer a known source or maintainer if provenance is important for your environment.