Github
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: github-integration Version: 1.0.5 The skill facilitates GitHub integration by instructing the agent to perform a global installation of a third-party CLI (`npm install -g @membranehq/cli`) and routing all GitHub API traffic and authentication through an external proxy service (getmembrane.com). While these capabilities are aligned with the stated purpose of the skill, the requirement for global system modifications and the use of a third-party intermediary for sensitive GitHub credentials represent significant supply-chain and data-privacy risks. The SKILL.md also includes a future-dated timestamp (2026) in its metadata, which is unusual for current deployments.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The local CLI package will run with the user's permissions and may change over time as the latest version changes.
The skill depends on a globally installed external CLI from npm using the moving @latest tag. This is disclosed and central to the Membrane workflow, but the executable code is not part of the reviewed artifact.
npm install -g @membranehq/cli@latest
Install only from the trusted npm package source, consider pinning a reviewed version if your environment requires reproducibility, and keep the CLI updated intentionally.
Actions may run with the authenticated GitHub account's permissions, including access to private repositories or organization resources if those scopes are granted.
The integration uses delegated authentication and credential refresh through Membrane. That is expected for a GitHub integration, but it grants account-level authority based on the scopes the user approves.
Membrane handles authentication and credentials refresh automatically
Authenticate with the least-privileged GitHub account or organization scope needed, review OAuth permissions carefully, and revoke the connection when finished.
The agent could create issues, comments, releases, repositories, pull requests, reviews, updates, or merges using the connected GitHub account when directed.
The action catalog includes repository-mutating GitHub operations. These are disclosed and purpose-aligned, but they can have significant project impact if run without clear user intent.
| Create Release | create-release | Create a new release for a repository | ... | Merge Pull Request | merge-pull-request | Merge a pull request |
Require explicit user confirmation before mutating repository state, especially for releases, repository creation, pull request updates, and merges.
GitHub metadata, issue or PR content, and action parameters may pass through Membrane depending on the action used.
GitHub requests and responses are mediated through the Membrane CLI/service rather than only direct local GitHub calls. This third-party gateway is disclosed and expected for this skill.
This skill uses the Membrane CLI to interact with Github.
Use the skill only if Membrane is an acceptable intermediary for the repositories and data involved, and follow your organization's data-sharing policies.
A remote setup response could influence what the agent does next during connection configuration.
The setup flow may return provider-supplied instructions for the agent. This is disclosed as part of connection setup, but such instructions should be treated as operational guidance, not as authority to override the user's request.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.
Keep provider-returned instructions constrained to the current setup task and do not let them override user intent, safety checks, or confirmation requirements.