Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub Bug Report

v1.0.2

Submit bug reports to GitHub for OpenClaw issues. Use when: (1) you have found a definite bug and want to submit it to the official project; (2) an official product has a problem that needs reporting; (3) you want to check the status of an existing issue; (4) you need to follow up on the progress of an issue you have already submitted. Includes issue templat...

0· 46·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The declared purpose (creating/searching/updating GitHub issues for the openclaw/openclaw repo) matches the script and instructions. However, instead of reading a credential at runtime (e.g., from GITHUB_TOKEN) or documenting how to supply one, the skill embeds a plaintext token directly in SKILL.md and its scripts. Embedding a credential is not necessary to achieve the stated purpose and is an inappropriate design choice.
Instruction Scope (flagged)
SKILL.md instructs the agent/user to call the GitHub API and to create cron reminders; those actions are within the stated scope. But the instructions repeatedly include a literal Authorization token value and example curl commands using it, which leads the agent to use that embedded secret. The cron follow-up behavior (automatic "bump" reminders) could cause automated spamming of issues if misused and should require explicit user consent and configuration.
Install Mechanism
There is no install spec (instruction-only plus a small Python script). Nothing is downloaded from remote URLs or written during install. This lowers supply-chain risk.
Credentials (flagged)
The skill declares no required environment variables but contains a hard-coded token (ghp_...) in both SKILL.md and scripts. Proportionate behavior would be to require a single GITHUB_TOKEN environment variable (or document use of a personal access token supplied by the user) and not ship a credential at all. The embedded token grants repository-scoped API access to whoever obtains the package and is a clear overreach for distributed code and documentation.
Persistence & Privilege
always:false and autonomous invocation are default and acceptable. The only persistence-related action in the docs is creating cron reminders for follow-up; that is not inherently malicious but creates ongoing automated activity and should be opt-in and limited. The skill does not request system-wide config changes or modify other skills.
Scan Findings in Context
[hardcoded_github_token] unexpected: A GitHub personal access token (string starting with 'ghp_...') appears in SKILL.md, references/quick-ref.md, and scripts/submit_issue.py. Shipping a plaintext token in code/docs is not required for a bug-reporting skill and is a security risk (should be provided at runtime via env var or other secret store).
What to consider before installing
Do not install or use this skill as-is. The package contains a plaintext GitHub token that could be valid and would allow API access to the openclaw/openclaw repository. Ask the author to remove the embedded token and change the code to accept a GITHUB_TOKEN (or other secret) provided at runtime; if you've already exposed this token (e.g., pasted it elsewhere), rotate/revoke it in GitHub immediately and check the token's scopes. Also verify you want automated cron-based 'bump' behavior before enabling any follow-up automation to avoid unintended spamming.
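As an added illustration (not code from the skill, from ClawHub, or from the scanner), the following Python shows both halves of the finding above: a scan that locates GitHub token literals in a package's files, which is the kind of check behind the hardcoded_github_token finding, and a request builder that takes GITHUB_TOKEN from the environment and refuses to run without it, which is the fix the report asks for. The file names mirror those named in the finding; the file contents and token values are constructed dummies, and the token regex assumes GitHub's published formats (a four-character prefix such as ghp_ followed by 36 alphanumerics for classic tokens, github_pat_ followed by 82 characters for fine-grained tokens). Nothing is sent to the network.

```python
"""Two checks a reviewer would run on a skill package like this one:
(1) scan the shipped files for embedded GitHub tokens, and
(2) build the GitHub API request from a token supplied at runtime,
    failing closed when GITHUB_TOKEN is absent, instead of a literal.
No network calls are made; the request is assembled and returned."""
import json
import os
import re
from typing import Dict, List, Mapping, Tuple

# Assumed GitHub token formats: classic PAT / OAuth / user-to-server /
# server-to-server / refresh tokens are a 4-char prefix (ghp_, gho_, ghu_,
# ghs_, ghr_) plus 36 alphanumerics; fine-grained PATs are github_pat_
# plus 82 characters of [A-Za-z0-9_].
GITHUB_TOKEN_RE = re.compile(
    r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b"
)

# Constructed stand-in for the skill's files. The token values are filler
# characters, not real credentials.
DUMMY_CLASSIC = "ghp_" + "A" * 36
DUMMY_FINE_GRAINED = "github_pat_" + "B" * 82
SAMPLE_FILES: Dict[str, str] = {
    "SKILL.md": (
        "## Submitting\n"
        f'curl -H "Authorization: token {DUMMY_CLASSIC}" '
        "https://api.github.com/repos/openclaw/openclaw/issues\n"
    ),
    "references/quick-ref.md": f"Token: {DUMMY_FINE_GRAINED}\n",
    "scripts/submit_issue.py": f'TOKEN = "{DUMMY_CLASSIC}"\n',
    # A clean file: the credential is read at runtime, so nothing matches.
    "scripts/clean_example.py": 'token = os.environ["GITHUB_TOKEN"]\n',
}


def redact(token: str) -> str:
    """Keep the prefix (identifies the token type) and last four characters,
    so a finding can be reported without re-leaking the secret."""
    prefix = "github_pat_" if token.startswith("github_pat_") else token[:4]
    return f"{prefix}...{token[-4:]}"


def find_embedded_tokens(files: Mapping[str, str]) -> List[Tuple[str, int, str]]:
    """Return (path, 1-based line number, redacted token) for every match."""
    hits: List[Tuple[str, int, str]] = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in GITHUB_TOKEN_RE.finditer(line):
                hits.append((path, lineno, redact(match.group(0))))
    return hits


def github_auth_header(env: Mapping[str, str]) -> Dict[str, str]:
    """Build the Authorization header from GITHUB_TOKEN. Fails closed when
    the variable is missing or does not look like a GitHub token."""
    token = env.get("GITHUB_TOKEN", "").strip()
    if not token:
        raise RuntimeError("GITHUB_TOKEN is not set; refusing to call the API")
    if not GITHUB_TOKEN_RE.fullmatch(token):
        raise RuntimeError("GITHUB_TOKEN does not look like a GitHub token")
    return {
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    }


def build_issue_request(env: Mapping[str, str], repo: str,
                        title: str, body: str) -> Tuple[str, Dict[str, str], str]:
    """Assemble POST /repos/{owner}/{repo}/issues without sending it."""
    url = f"https://api.github.com/repos/{repo}/issues"
    payload = json.dumps({"title": title, "body": body})
    return url, github_auth_header(env), payload


if __name__ == "__main__":
    for path, lineno, tok in find_embedded_tokens(SAMPLE_FILES):
        print(f"{path}:{lineno}: embedded GitHub token {tok}")
    try:
        github_auth_header(os.environ)
        print("GITHUB_TOKEN present; API calls would be authorised")
    except RuntimeError as exc:
        print("refusing:", exc)
```

To run the scan over a real package, read its files into the mapping in place of SAMPLE_FILES; the clean file in the sample shows the shape the report recommends, where the only thing in the code is the name of the variable, not the credential.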


