ClawHub

Github Agent Trends

v1.0.0

Generate GitHub agent-trending project reports as formatted markdown leaderboards. Fetches agent/LLM-agent/multi-agent related repos by daily, weekly, or mon...

0· 88·0 current·0 all-time
by@mike47512
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe fetching GitHub agent-related repos and producing a markdown leaderboard; the included Python script implements exactly that using the GitHub Search API. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md runtime instructions are scoped to running the provided script and optionally using GITHUB_TOKEN; they do not instruct reading unrelated files or exfiltrating data. However, the example CLI path in SKILL.md (scripts/skills/github-agent-trends/scripts/fetch_trends.py) does not match the included file location (scripts/fetch_trends.py), which is a usability/incoherence issue and could confuse installers.
Install Mechanism
No install spec and the script uses only Python stdlib and direct HTTP calls to api.github.com. There are no downloads from third-party URLs or archive extraction steps.
Credentials
No required environment variables are declared. The script accepts an optional GITHUB_TOKEN (recommended for rate limits) which is proportional to calling the GitHub API. No unrelated secrets or broad system credentials are requested.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system settings, and has no special privileges.
Assessment
This skill appears to do what it says: query the GitHub Search API for agent-related projects and print a markdown leaderboard. Before installing or running it: (1) note the path mismatch in SKILL.md — run the actual script at scripts/fetch_trends.py (or adjust the path as needed); (2) if you provide a GITHUB_TOKEN, use a least-privilege PAT and keep it secret (do not paste it into chat); (3) verify network access to api.github.com in your environment; (4) inspect the script yourself if you require extra assurance—its logic is short and uses only the GitHub API, with no hidden endpoints or arbitrary code downloads.

Like a lobster shell, security has layers — review code before you run it.

latestvk978pvjdsjn6exgdv7crhse3w183kp8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments